AllowUsers

We've already denied the root user access to our system, but what if we wanted to take this a step further and specify the users we want to grant access to?

For that, we need the AllowUsers setting.

This is rarely a default setting, or even commented out in the sshd_config file, so we're going to add it to the bottom:

#       PermitTTY no
#       ForceCommand cvs server
AllowUsers vagrant

Restart the SSH daemon:

[vagrant@centos2 ~]$ sudo systemctl restart sshd

Now, you've got a system that only the vagrant user will be able to SSH to. You can also add multiple names to this list, or even substitute this whitelist for a blacklist, with DenyUsers.

If we want, we can work on a group basis (instead of individual usernames) with AllowGroups and DenyGroups.