Hardening your linux environment
SSH
It is not always desirable to allow every user to log on through SSH, yet their user accounts still need to exist on the system. Here is a way to limit SSH access on your Linux environments. It requires sshd and PAM (the pam.d configuration).
Hardening SSH login
By creating an ssh.allow list you can allow only a subset of users to log in to your Linux environment. Create the file /etc/ssh/ssh.allow:
touch /etc/ssh/ssh.allow
Add the following line to /etc/pam.d/sshd:
# /etc/pam.d/sshd
auth required pam_listfile.so item=user sense=allow file=/etc/ssh/ssh.allow onerr=fail
Whenever you want to allow a user to log on with SSH, add that username as a line in ssh.allow, one username per line. Below is an example of ssh.allow.
# /etc/ssh/ssh.allow
mikkel
jens
foo
bar
FTP
Hardening FTP login
By creating an ftp.allow list you can allow only a subset of users to log in over FTP on your Linux environment. Create the file /etc/ftp.allow:
touch /etc/ftp.allow
In /etc/pam.d/vsftp, comment out the existing pam_listfile deny line so that it reads
#auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
and add the following allow line in its place:
auth required pam_listfile.so item=user sense=allow file=/etc/ftp.allow onerr=fail
The file should then look like this:
# Standard behaviour for ftpd(8).
#auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required pam_listfile.so item=user sense=allow file=/etc/ftp.allow onerr=fail

# Note: vsftpd handles anonymous logins on its own. Do not enable pam_ftp.so.

# Standard pam includes
@include common-account
@include common-session
@include common-auth
auth required pam_shells.so
Whenever you want to allow a user to log on with FTP, add that username as a line in ftp.allow, one username per line. Below is an example of ftp.allow which lets exactly these users log in with FTP.
# /etc/ftp.allow
mikkel
jens
foo
bar
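Both the SSH and the FTP sections above hinge on the same two properties of a pam_listfile allow list: with onerr=fail, a missing or unusable list denies every login, and pam_listfile compares each whole line against the username, so the file must contain one bare username per line. The script below is an added example, not part of the original page; it takes the list path as an argument (so it serves /etc/ssh/ssh.allow and /etc/ftp.allow alike) and offers an idempotent add helper plus a check that catches the two mistakes that actually bite: a world-writable list, which pam_listfile rejects, and lines that can never match an account.

```sh
#!/bin/sh
# Added example (not from the original page): helpers for maintaining the
# pam_listfile allow lists described above, e.g. /etc/ssh/ssh.allow or
# /etc/ftp.allow. The list path is an argument; nothing here is specific
# to sshd or vsftpd.

# allowlist_add FILE USER
# Append USER to FILE exactly once. pam_listfile matches the whole line
# against the username, so the file must hold one bare username per line.
allowlist_add() {
    file=$1
    user=$2
    # Reject anything that is not a plain username: a line containing spaces
    # or other odd characters can never match a real account and only hides
    # a typo until someone is locked out.
    case $user in
        '' | *[![:alnum:]._-]*)
            echo "allowlist_add: invalid username '$user'" >&2
            return 1 ;;
    esac
    [ -f "$file" ] || : > "$file"
    # -x: whole-line match, -F: literal, so '.' in a name is not a wildcard
    if grep -qxF -- "$user" "$file"; then
        return 0    # already listed; adding twice changes nothing
    fi
    printf '%s\n' "$user" >> "$file"
}

# allowlist_check FILE
# Verify the properties an onerr=fail configuration relies on. Returns 0 if
# the list is usable, 1 otherwise, and reports each problem on stderr.
allowlist_check() {
    file=$1
    rc=0
    if [ ! -f "$file" ]; then
        # With onerr=fail a missing list is an error, and the error denies
        # every login, not just the unlisted ones.
        echo "allowlist_check: $file is missing; onerr=fail would lock everyone out" >&2
        return 1
    fi
    # pam_listfile refuses a world-writable list (anyone could add themselves).
    # Column 9 of 'ls -l' is the others-write bit.
    case $(ls -ld -- "$file") in
        ????????w*)
            echo "allowlist_check: $file is world-writable" >&2
            rc=1 ;;
    esac
    # Every remaining line must be a bare username. Blank lines and the '#'
    # header lines used in the page's examples are harmless: no username can
    # ever equal them, so they are simply never matched.
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            '' | '#'*) ;;
            *[![:alnum:]._-]*)
                echo "allowlist_check: '$line' in $file can never match a username" >&2
                rc=1 ;;
        esac
    done < "$file"
    return $rc
}

# Stand-alone demonstration on a constructed temporary list.
demo=$(mktemp)
allowlist_add "$demo" mikkel
allowlist_add "$demo" jens
allowlist_check "$demo" && echo "$demo: ok, $(wc -l < "$demo") users listed"
rm -f "$demo"
```

Run allowlist_check after every edit of the list and before restarting the daemon. One caveat on scope: the pam_listfile line above sits in the auth stack, which sshd only runs for password and keyboard-interactive logins (and only with UsePAM yes in sshd_config). Public-key logins skip the auth stack and are governed by the account stack and by sshd's own AllowUsers/AllowGroups directives, so if keys are in use, restrict those as well rather than relying on the auth line alone.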