DenyGroups - Infinite Lexicon - Infinite Lexicon

DenyGroups

DenyGroups is a directive in the OpenSSH server configuration (sshd_config) that controls SSH login access based on group membership. It lists one or more group names, and any user who is a member of any of those groups is denied SSH access. The setting is commonly used to block access for specific teams, contractors, or service accounts without disabling the underlying user accounts.

Syntax and scope: DenyGroups groupname [groupname ...] accepts standard system group names defined in the group database

Usage and examples: For example, DenyGroups admins contractors interns would block any user who is a member

Considerations: DenyGroups provides a targeted approach to restricting access without altering user accounts themselves. It applies

See also: AllowGroups, DenyUsers, AllowUsers, sshd_config.

keyboard-interactive

a