Re: Question restricting ssh access for some users only

From: Jeremie Le Hen (jeremie_at_le-hen.org)
Date: 10/08/04

  • Next message: Jeremie Le Hen: "Re: Question restricting ssh access for some users only"
    Date: Fri, 8 Oct 2004 18:18:12 +0200
    To: Jim Hatfield <subscriber@insignia.com>
    
    

    > >have you tried using /etc/login.access?
    >
    > Hmm, looks like sshd does not consult this file!

    login.conf(5) is indeed the configuration file for login(1) which is
    not used sshd(8) with the default configuration. You have to use the
    `UseLogin' option described in sshd_config(5) :

         UseLogin
                 Specifies whether login(1) is used for interactive login ses-
                 sions. The default is ``no''. Note that login(1) is never used
                 for remote command execution. Note also, that if this is
                 enabled, X11Forwarding will be disabled because login(1) does not
                 know how to handle xauth(1) cookies. If UsePrivilegeSeparation
                 is specified, it will be disabled after authentication.

    Apart from that, `AllowUsers' and `AllowGroups' have been mentioned
    multiple times, but it might be easier to use `DenyUsers' and
    `DenyGroups' options for the described situation.

    Regards,

    -- 
    Jeremie Le Hen
    jeremie@le-hen.org
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
    

  • Next message: Jeremie Le Hen: "Re: Question restricting ssh access for some users only"