Read man sshd_configfor more details, but you can use the AllowUsersdirective in /etc/ssh/sshd_configto limit the set of users who can login.

阅读man sshd_config更多详细信息，但您可以使用AllowUsers指令 in/etc/ssh/sshd_config来限制可以登录的用户集。

e.g.

例如

AllowUsers boris

would mean that only the borisuser could login via ssh.

这意味着只有boris用户可以通过 ssh 登录。

Any user whose login shell setting in /etc/passwdis an interactive shell can login. I don't think there's a totally reliable way to tell if a program is an interactive shell; checking whether it's in /etc/shellsis probably as good as you can get.

任何登录 shell 设置/etc/passwd为交互式 shell 的用户都可以登录。我不认为有一种完全可靠的方法可以判断程序是否是交互式 shell。检查它是否在里面/etc/shells可能和你能得到的一样好。

Other users can also login, but the program they run should not allow them to get much access to the system. And users that aren't allowed to login at all should have /etc/falseas their shell -- this will just log them out immediately.

其他用户也可以登录，但他们运行的程序不应允许他们访问系统。根本不允许登录的用户应该有/etc/false作为他们的外壳——这只会立即将他们注销。

Any user with a valid shell in /etc/passwdcan potentially login. If you want to improve security, set up SSH with public-key authentication (there is lots of info on the web on doing this), install a public key in one user's ~/.ssh/authorized_keysfile, and disable password-based authentication. This will prevent anybody except that one user from logging in, and will require that the user have in their possession the matching private key. Make sure the private key has a decent passphrase.

任何拥有有效 shell 的用户/etc/passwd都可能登录。如果您想提高安全性，请使用公钥身份验证设置 SSH（网络上有很多关于此操作的信息），在一个用户的~/.ssh/authorized_keys文件中安装公钥，并禁用基于密码的身份验证。这将阻止除一个用户之外的任何人登录，并要求该用户拥有匹配的私钥。确保私钥有一个合适的密码。

To prevent bots from trying to get in, run SSH on a port other than 22 (i.e. 3456). This doesn't improve security but prevents script-kiddies and bots from cluttering up your logs with failed attempts.

为防止机器人试图进入，请在 22 以外的端口（即 3456）上运行 SSH。这不会提高安全性，但可以防止脚本小子和机器人因尝试失败而弄乱您的日志。