Assuming you want to deny all SSH access for an account (i.e., interactive
use, remote command execution, and file transfers), you can grant an
identifier to the accounts you want to allow access to (or deny access to,
depending on how many of each there are), then use the DENYGROUP or
ALLOWGROUP keywords in the config file.
For example, you can have "DenyGroups limabeans" in the config file, then
for the account(s) you want to restrict, add the rights identifier
"limabeans" to it/them.
The PermitRootLogin keyword in the SSHD2_CONFIG. file can be set to "no"
to prevent SSH access to SYSTEM. How can SSH access to an arbitrary
account be denied? The DenyUsers keyword seems to apply to the remote
user's name not the local account name.
------
+-------------------------------+----------------------------------------+
| Dan O'Reilly | "There are 10 types of people in this |
| Principal Engineer | world: those who understand binary |
| Process Software | and those who don't." |
| http://www.process.com | |
+-------------------------------+----------------------------------------+