You can control access to your SSH server by configuring firewall rules to only allow login from specific IP address or configure to whether or not allow root user to login. You can also configure the user's shell to /sbin/nologin or /bin/false so that the user will not be able to log in at all.
There are however options in SSH server configuration to set the exact users and groups that are allowed and not allowed to log in to the SSH server without affecting their other form of logins.
~$ getent passwd root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin bin:x:2:2:bin:/bin:/usr/sbin/nologin sys:x:3:3:sys:/dev:/usr/sbin/nologin sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/usr/sbin/nologin man:x:6:12:man:/var/cache/man:/usr/sbin/nologin lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin mail:x:8:8:mail:/var/mail:/usr/sbin/nologin news:x:9:9:news:/var/spool/news:/usr/sbin/nologin uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin proxy:x:13:13:proxy:/bin:/usr/sbin/nologin www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin backup:x:34:34:backup:/var/backups:/usr/sbin/nologin list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin systemd-timesync:x:100:101:systemd Time Synchronization,,,:/run/systemd:/usr/sbin/nologin systemd-network:x:101:103:systemd Network Management,,,:/run/systemd:/usr/sbin/nologin systemd-resolve:x:102:104:systemd Resolver,,,:/run/systemd:/usr/sbin/nologin messagebus:x:103:106::/nonexistent:/usr/sbin/nologin syslog:x:104:110::/home/syslog:/usr/sbin/nologin _apt:x:105:65534::/nonexistent:/usr/sbin/nologin tss:x:106:111:TPM software stack,,,:/var/lib/tpm:/bin/false uuidd:x:107:114::/run/uuidd:/usr/sbin/nologin tcpdump:x:108:115::/nonexistent:/usr/sbin/nologin avahi-autoipd:x:109:117:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/usr/sbin/nologin usbmux:x:110:46:usbmux daemon,,,:/var/lib/usbmux:/usr/sbin/nologin rtkit:x:111:118:RealtimeKit,,,:/proc:/usr/sbin/nologin dnsmasq:x:112:65534:dnsmasq,,,:/var/lib/misc:/usr/sbin/nologin avahi:x:113:120:Avahi mDNS daemon,,,:/run/avahi-daemon:/usr/sbin/nologin cups-pk-helper:x:114:121:user for cups-pk-helper service,,,:/home/cups-pk-helper:/usr/sbin/nologin speech-dispatcher:x:115:29:Speech Dispatcher,,,:/run/speech-dispatcher:/bin/false kernoops:x:116:65534:Kernel Oops Tracking Daemon,,,:/:/usr/sbin/nologin saned:x:117:123::/var/lib/saned:/usr/sbin/nologin nm-openvpn:x:118:124:NetworkManager OpenVPN,,,:/var/lib/openvpn/chroot:/usr/sbin/nologin whoopsie:x:119:125::/nonexistent:/bin/false colord:x:120:126:colord colour management daemon,,,:/var/lib/colord:/usr/sbin/nologin sssd:x:121:127:SSSD system user,,,:/var/lib/sss:/usr/sbin/nologin geoclue:x:122:128::/var/lib/geoclue:/usr/sbin/nologin pulse:x:123:129:PulseAudio daemon,,,:/var/run/pulse:/usr/sbin/nologin hplip:x:124:7:HPLIP system user,,,:/run/hplip:/bin/false gnome-initial-setup:x:125:65534::/run/gnome-initial-setup/:/bin/false gdm:x:126:131:Gnome Display Manager:/var/lib/gdm3:/bin/false user:x:1000:1000:user,,,:/home/user:/bin/bash systemd-coredump:x:999:999:systemd Core Dumper:/:/usr/sbin/nologin sshd:x:127:65534::/run/sshd:/usr/sbin/nologin alice:x:1001:1001:alice,,,:/home/alice:/bin/bash bob:x:1002:1002:bob,,,:/home/bob:/bin/bash
$ getent group root:x:0: daemon:x:1: bin:x:2: sys:x:3: adm:x:4:syslog,user tty:x:5: disk:x:6: lp:x:7: mail:x:8: news:x:9: uucp:x:10: man:x:12: proxy:x:13: kmem:x:15: dialout:x:20: fax:x:21: voice:x:22: cdrom:x:24:user floppy:x:25: tape:x:26: sudo:x:27:user,alice audio:x:29:pulse dip:x:30:user www-data:x:33: backup:x:34: operator:x:37: list:x:38: irc:x:39: src:x:40: gnats:x:41: shadow:x:42: utmp:x:43: video:x:44: sasl:x:45: plugdev:x:46:user staff:x:50: games:x:60: users:x:100: nogroup:x:65534: systemd-timesync:x:101: systemd-journal:x:102: systemd-network:x:103: systemd-resolve:x:104: crontab:x:105: messagebus:x:106: input:x:107: kvm:x:108: render:x:109: syslog:x:110: tss:x:111: bluetooth:x:112: ssl-cert:x:113: uuidd:x:114: tcpdump:x:115: ssh:x:116: avahi-autoipd:x:117: rtkit:x:118: netdev:x:119: avahi:x:120: lpadmin:x:121:user scanner:x:122:saned saned:x:123: nm-openvpn:x:124: whoopsie:x:125: colord:x:126: sssd:x:127: geoclue:x:128: pulse:x:129: pulse-access:x:130: gdm:x:131: lxd:x:132:user user:x:1000: sambashare:x:133:user systemd-coredump:x:999: alice:x:1001: bob:x:1002:
$ sudo vi /etc/ssh/sshd_config
AllowUsers alice user
Users not listed will not be allowed to login.
Use space separated value or add multiple entry to configure for multiple users.
Regex and wildcard values are accepted.
DenyUsers charlie
Works in contrast with AllowUsers.
Configuration options similar to AllowUsers.
AllowGroups admin
Configuration options similar to AllowUsers.
DenyGroups finance
Works in contrast with AllowGroups.
Configuration options similar to AllowUsers.
$ sudo systemctl restart ssh
Comment anonymously. Login not required.