To deny a user direct login via ssh but still allow login between servers, we can use the “Match” method below. This will allow the Ranjith_P04 user to log in only from the 10.18.43.69/10.18.43.70/10.18.43.71 servers, and the same user is denied login from the entire network 10.18.*.*
These lines need to be added at the end of the /etc/ssh/sshd_config file, in the same order, on all 3 servers, followed by a restart of the sshd service.
The “DenyUsers Ranjith_P04” line also needs to be removed from /etc/ssh/sshd_config in order to allow the user to log in via ssh between the given servers.
Match User Ranjith_P04 Address 10.18.43.69
Match User Ranjith_P04 Address 10.18.43.70
Match User Ranjith_P04 Address 10.18.43.71
Match User Ranjith_P04 Address 10.18.*.*
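
Why the order of these Match lines matters, as an added example that is not part of the original page: sshd applies, per keyword, the first value it obtains from a matching Match block. The small Python model below resolves a keyword for a given user and source address; the keywords under each Match line are assumptions (the page shows none), and fnmatch stands in for sshd's own pattern matching.

```python
from fnmatch import fnmatchcase

# Constructed config: the Match lines are the page's; the indented keywords
# are assumed for illustration. PubkeyAuthentication is deliberately left
# out of the specific blocks to show that resolution is per keyword.
CONFIG = """\
PasswordAuthentication yes
Match User Ranjith_P04 Address 10.18.43.69
    PasswordAuthentication yes
Match User Ranjith_P04 Address 10.18.43.70
    PasswordAuthentication yes
Match User Ranjith_P04 Address 10.18.43.71
    PasswordAuthentication yes
Match User Ranjith_P04 Address 10.18.*.*
    PasswordAuthentication no
    PubkeyAuthentication no
"""

def parse(text):
    """Return (global_settings, [(criteria, settings), ...]) in file order."""
    glob, blocks, current = {}, [], None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0].lower() == "match":
            # "Match User X Address Y" -> {"user": "X", "address": "Y"}
            crit = {k.lower(): v for k, v in zip(words[1::2], words[2::2])}
            current = {}
            blocks.append((crit, current))
        else:
            target = glob if current is None else current
            # Within one section the first value given for a keyword is kept.
            target.setdefault(words[0].lower(), " ".join(words[1:]))
    return glob, blocks

def effective(text, user, addr, keyword):
    """Value this model resolves for keyword, given user and source address."""
    glob, blocks = parse(text)
    key = keyword.lower()
    for crit, settings in blocks:
        hit = (fnmatchcase(user, crit.get("user", "*"))
               and fnmatchcase(addr, crit.get("address", "*")))
        if hit and key in settings:
            return settings[key]        # first matching block that sets it wins
    return glob.get(key)                # otherwise the global section applies

if __name__ == "__main__":
    for addr in ("10.18.43.69", "10.18.5.5"):
        print(addr, effective(CONFIG, "Ranjith_P04", addr, "PasswordAuthentication"))
```

On a real host, sshd -T with a -C connection spec (user=, addr=) prints the settings sshd itself would apply for that user and address.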