Re: Question restricting ssh access for some users only
From: Jeremie Le Hen (jeremie_at_le-hen.org)
Date: 10/08/04
- Previous message: Jim Hatfield: "Re: Question restricting ssh access for some users only"
- In reply to: Jim Hatfield: "Re: Question restricting ssh access for some users only"
- Next in thread: Jeremie Le Hen: "Re: Question restricting ssh access for some users only"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 8 Oct 2004 18:18:12 +0200 To: Jim Hatfield <subscriber@insignia.com>
> >have you tried using /etc/login.access?
>
> Hmm, looks like sshd does not consult this file!
login.conf(5) is indeed the configuration file for login(1) which is
not used sshd(8) with the default configuration. You have to use the
`UseLogin' option described in sshd_config(5) :
UseLogin
Specifies whether login(1) is used for interactive login ses-
sions. The default is ``no''. Note that login(1) is never used
for remote command execution. Note also, that if this is
enabled, X11Forwarding will be disabled because login(1) does not
know how to handle xauth(1) cookies. If UsePrivilegeSeparation
is specified, it will be disabled after authentication.
Apart from that, `AllowUsers' and `AllowGroups' have been mentioned
multiple times, but it might be easier to use `DenyUsers' and
`DenyGroups' options for the described situation.
Regards,
-- Jeremie Le Hen jeremie@le-hen.org _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: Jim Hatfield: "Re: Question restricting ssh access for some users only"
- In reply to: Jim Hatfield: "Re: Question restricting ssh access for some users only"
- Next in thread: Jeremie Le Hen: "Re: Question restricting ssh access for some users only"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
