I understand that to allow a web user access to SSH, I have to open up /etc/ssh/sshd_config and manually add each username to the list and restart sshd.
I built a small custom bash script to create users, do other setup, etc. Is there a command to add each user to the AllowUsers list in sshd_config? This would be extremely helpful vs doing it manually all the time. Or if I delete a user, have it removed from the list automatically?
You may have to ensure the user can log in on the command line:
getent passwd $USER
usertoto:x:1234:1234:User Toto,,,:/home/usertoto/:/bin/false
The last field is the shell to start, ``false'' will not let usertoto
open any command line terminal.
This could be changed by:
chsh -s /bin/sh usertoto
Using a group instead of a list of users
You could create a group that is allowed to log in, then add users to this group. This could be simpler than manually editing the user list in the sshd config.
See AllowGroups in man sshd_config and man adduser
adduser usertoto sshallowed
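One way to script the one-time sshd_config change behind the AllowGroups approach above, as an added example that is not part of the original answer. The helper name ensure_allow_group and the sample config are assumptions constructed for illustration; sshallowed is the group name used in the answer.

```shell
#!/bin/sh
# Added example: make sure "AllowGroups <group>" is present in an sshd_config file.
# Safe to re-run. Group names are compared literally (no pattern handling).
ensure_allow_group() {
    conf=$1
    group=$2
    tmp=$(mktemp) || return 1
    awk -v g="$group" '
        # Keywords are case-insensitive; a commented "#AllowGroups" does not match.
        !done && tolower($1) == "allowgroups" {
            found = 0
            for (i = 2; i <= NF; i++) if ($i == g) found = 1
            if (!found) $0 = $0 " " g      # extend the existing global list
            done = 1
        }
        # A global keyword has to be placed before the first Match block.
        !done && tolower($1) == "match" {
            print "AllowGroups " g
            done = 1
        }
        { print }
        END { if (!done) print "AllowGroups " g }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Rewrite only on change; cat keeps the original file's owner and mode.
    cmp -s "$conf" "$tmp" || cat "$tmp" > "$conf"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo on a constructed config in a temp file (not the live /etc/ssh/sshd_config).
demo=$(mktemp)
printf '%s\n' 'Port 22' '#AllowGroups wheel' 'PasswordAuthentication no' \
    'Match User backup' '    ForceCommand /bin/false' > "$demo"
ensure_allow_group "$demo" sshallowed
ensure_allow_group "$demo" sshallowed   # second run changes nothing
cat "$demo"
rm -f "$demo"
```

On a real system, run `sshd -t` to check the edited file before reloading sshd. Once AllowGroups is set, only members of the listed groups can log in, so existing admin accounts need to be in one of them.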