Show Contents / Index / Search

Access Control Settings

By default, all client users with an account on the server host can connect to the server, open a terminal session, and access all local files and directories allowed for their user account. You can edit the server configuration file (/etc/ssh2/sshd2_config) to customize access for client users, groups, and computers.

To

Use

Set the maximum number of connections

MaxConnections

Allow access to specified session types only

SessionRestricted

Control access from client users

AllowUsers
DenyUsers
UserSpecificConfig

Control access from client groups

AllowGroups
DenyGroups

Control access from client hosts

AllowHosts
DenyHosts

Restrict sftp and scp users or groups to a confined directory tree

ChrootSftpUsers
ChrootSftpGroups

Restrict port forwarding

AllowTcpForwardingForGroups
DenyTcpForwardingForGroups
AllowTcpForwardingForUsers
DenyTcpForwardingForUsers
ForwardACL
GatewayPorts
AllowX11Forwarding
X11UseLocalHost

Configure PAM authentication

AccountManagement
AuthKbdInt.Required
PamServiceName

Related Topics

Using Allow and Deny Keywords

Configuring User Access

Configuring Group Access

Configuring Client Host Access

Server Configuration Files

Server Subconfiguration Files