Show Contents / Index / Search

Access Control Settings

The table below provides an overview of server settings you can use to control client access to the server.

By default, all client users with an account on the server host can connect to the server, open a terminal session, and access all local files and directories allowed for their user account from any client computer. You can edit the server configuration file (/etc/ssh2/sshd2_config) to customize access for client users, groups, and computers.

To

Use

Set the maximum number of connections

MaxConnections

Allow access to specified session types only

SessionRestricted

Control access from client users

AllowUsers
DenyUsers
UserSpecificConfig

Control access from client groups

AllowGroups
DenyGroups
UserSpecificConfig

Control access from client hosts

AllowHosts
DenyHosts
HostSpecificConfig

Control access using TCP Wrappers

LibWrap

Restrict sftp and scp users or groups to a confined directory tree

ChrootSftpUsers
ChrootSftpGroups

Restrict port forwarding

AllowTcpForwardingForGroups
DenyTcpForwardingForGroups
AllowTcpForwardingForUsers
DenyTcpForwardingForUsers
ForwardACL
GatewayPorts
AllowX11Forwarding
X11UseLocalHost

Configure PAM authentication

AccountManagement
AuthKbdInt.Required
PamServiceName
UsePamSessions

Related Topics

Using Allow and Deny Keywords

Configuring User Access

Configuring Group Access

Configuring Client Host Access

Server Configuration Files

Server Subconfiguration Files