Re: Question restricting ssh access for some users only

From: Jeremie Le Hen (jeremie_at_le-hen.org)
Date: 10/08/04

  • Next message: Jeremie Le Hen: "Re: Question restricting ssh access for some users only"
    Date: Fri, 8 Oct 2004 18:18:12 +0200
    To: Jim Hatfield <subscriber@insignia.com>
    
    

    > >have you tried using /etc/login.access?
    >
    > Hmm, looks like sshd does not consult this file!

    login.conf(5) is indeed the configuration file for login(1) which is
    not used sshd(8) with the default configuration. You have to use the
    `UseLogin' option described in sshd_config(5) :

         UseLogin
                 Specifies whether login(1) is used for interactive login ses-
                 sions. The default is ``no''. Note that login(1) is never used
                 for remote command execution. Note also, that if this is
                 enabled, X11Forwarding will be disabled because login(1) does not
                 know how to handle xauth(1) cookies. If UsePrivilegeSeparation
                 is specified, it will be disabled after authentication.

    Apart from that, `AllowUsers' and `AllowGroups' have been mentioned
    multiple times, but it might be easier to use `DenyUsers' and
    `DenyGroups' options for the described situation.

    Regards,

    -- 
    Jeremie Le Hen
    jeremie@le-hen.org
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
    

  • Next message: Jeremie Le Hen: "Re: Question restricting ssh access for some users only"

    Relevant Pages

    • Re: SSH newbie questions
      ... Since you didn't restart sshd after changing the configuration file, the PID file wasn't created. ... It appears now because, in rebooting your machine, you also restarted sshd, which read teh new configuration file changes, and created the PID file. ...
      (comp.sys.mac.system)
    • Re: SSH newbie questions
      ... It gets created when sshd starts. ... changing the configuration file, the PID file wasn't created. ... as root, then an sshd process starts, and the .pid file is created. ...
      (comp.sys.mac.system)
    • Re: key or password based on IP
      ... > You can run multiple copies of sshd with different options (on different ... Slightly off topic, I'm using RH 7.3 and webmin, would I be better off ... So far I've only cloned the webmin sshd module and the second ... configuration file and webmin works fine for configuration info but I ...
      (comp.security.ssh)
    • Re: Prevent users from leaving home
      ... Peter Koutsoulias wrote: ... > logging in via the sshd? ... I couldn't find anything in the configuration file ...
      (SSH)