Ordnen Sie alle Benutzer in eine Gruppe 'remote_users' ein und geben Sie in Ihrer sshd.conf an, dass sich nur Benutzer dieser Gruppen über ssh anmelden dürfen:
AllowGroups This keyword can be followed by a list of group name patterns, separated by spaces. If specified, login is allowed only for users whose primary group or supplementary group list matches one of the patterns. Only group names are valid; a numerical group ID is not recognized. By default, login is allowed for all groups. The allow/deny directives are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups.