Access Control Settings

The table below provides an overview of server settings you can use to control client access to the server.

By default, all client users with an account on the server host can connect to the server, open a terminal session, and access all local files and directories allowed for their user account from any client computer. You can edit the server configuration file (/opt/microfocus/rsit/etc/sshd2_config) to customize access for client users, groups, and computers.

To	Use
Set the maximum number of connections	MaxConnections
Set the maximum number of multiplexed sessions supported over a single TCP connection. To disable connection reuse, set this keyword to 1.	MaxSessions
Allow access to specified session types only	SessionRestricted
Control access from client users	AllowUsers DenyUsers UserSpecificConfig
Control access from client groups	AllowGroups DenyGroups UserSpecificConfig
Control access from client hosts	AllowHosts DenyHosts HostSpecificConfig
Control access using TCP Wrappers	LibWrap
Restrict sftp and scp users or groups to a confined directory tree	ChrootSftpUsers ChrootSftpGroups
Control upload and download access rights for sftp and scp users.	AllowSftpCommands
Restrict port forwarding	AllowTcpForwardingForGroups DenyTcpForwardingForGroups AllowTcpForwardingForUsers DenyTcpForwardingForUsers ForwardACL GatewayPorts AllowX11Forwarding X11UseLocalHost
Configure PAM authentication	AccountManagement AuthKbdInt.Required PamServiceName UsePamSessions

---

More information

• Using Allow and Deny Keywords

• Configuring User and Group Access

• Configuring Client Host Access

• Server Configuration Files

• Server Subconfiguration Files