Re: user selection for ssh connections

From: Phil Park (philp@csds.uidaho.edu)
Date: 11/29/01 

Date: Wed, 28 Nov 2001 21:11:44 -0800 (PST)
From: Phil Park <philp@csds.uidaho.edu>
To: "james d. butler" <jamesDB@rocketmail.com>
Subject: Re: user selection for ssh connections
Message-ID: <Pine.LNX.4.30.0111282106480.19718-100000@megatron.csds.uidaho.edu>

-----BEGIN PGP SIGNED MESSAGE-----

By excluding them from SSH, I assume that you do not want them to have shell access.

How about changing their shells? That's what we do when we crack a password with John the Ripper. The disabled shell will give an error message, kick them out, but still give them web/ftp/mail access.

#!/bin/sh

echo "WARNING! ACCOUNT DISABLED!"
echo ""
echo "Your account has been cracked, and the password "
echo "has not been changed by the requested deadline. Please "
echo "see the System Administrators "
echo "to get your account re-enabled."
/bin/sleep 10
exit 1

- --
phil park
system administrator
philp@uidaho.edu
208.885.5562 (phone)
208.885.7099 (fax)
419.730.3247 (e-fax)
http://www.csds.uidaho.edu

On Tue, 27 Nov 2001, james d. butler wrote:

> Is it possible to exclude individual users from connecting via
> SSH? I'd like to have a list of users that are allowed to
> connect and a list of those that are not. Can it be done? If
> so, how?
>
> TIA - james
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month.
> http://geocities.yahoo.com/ps/info1
>

- - -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP 6.5.8

mQENAzllGJoAAAEIAJy3lkt/ppE5RSnc5scbwgBIDJIurUPVCtuaucL/OjtSgtlp
QM1jKAHSBug+ZcZe8GJwd7mK1xS/UPHUQ7CQn8eN9uTOL0ydxkZXlGIbUVLhuKG9
m1tmCNAZ3K7atZJjOujJgyp9XSl++y1OX1jbIGK90vW/HyDXZWb6l2U68I9fXCsK
+Qk1EFvzebySyt2cmfXsshh2uO/aC6is5557zSzad4SBq+RhLvOYo1YwHUE5nd4h
dwPZAn62+WMaQJ06ltKmWcv/TYCZBi61iv4W6Dj9h1IB9uwob51+1ZGsD96/P+Qz
CROxVPSiXgfv/sxexxhHwz6Mjw4pUN3h4XDzzhcABRG0EHBoaWxwQHVpZGFoby5l
ZHWJARUDBRA5ZRiaUN3h4XDzzhcBAQUaB/4p/SI/pVqBEYOpNrVr7t/Y5g33UeEz
3G3tY9ysekn2Fhcx6/qxJlQ+3g4UhgXC5NDTxRu0FV2I7+7xNjkwbgYBB+o5W2Ds
Qgifil0ycIA/7nj6X1Y30LDfKP+9LGlLi/yVs7xyRffnAgKxBLbJUs4Y+5Wc3Hhr
KHuJZI8gPbl8NB+bXB32+h2Tpeex/h4Yc8vJu/fQMspTqTaVQCzINR2snOauQf7F
wqxHSxsiNsFDUccHqvaHM+SWuE3YssjVwV9huRAkCKuwGswwictzu6S5/RhtVE5A
WdC4g9GA+/EbAuCL/m5artzN7VUca1FV5ZvtMO3edaNuX0K7FdumLdlPtBVwaGls
cEBjc2RzLnVpZGFoby5lZHWJARUDBRA6wQztUN3h4XDzzhcBAYIMB/9TACcnHZ32
vGUbKyNNZFOKBmejxzifxos9n0HVvfmfxPZk2Auq/qRNs8ETOWMT5yexBhefTHWs
6ML4wImNsZdok2TBaGsc0HqKJTvWMTKxGM6w9jYvtFoWNbVrF6hMOXYT7bjz+nxX
BkXjCvQZIo1bLzaAs5T1CNUyVgT4Mw/dw8jMCxWVmpdsVwq2vhjnLM0DsoQnmzxi
/NI7FxwqzRJ0pPLcdrr3nh0+kUPc1Bx9v0WrUzZDMTZCtmJPgW3C4tnhjKGsC4LO
FL7A70OFQmKTdM5dOUH2VkLpzcRMzYVI/5tvLmhnvdAoBKlxFige9rnwSZkn6GYR
AxfdbibLe6Zx
=9Y4g
- - -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQEVAwUBPAXDOlDd4eFw884XAQFK0Qf8C6Z1TKDRrbzxcS1BNWGuiBPMyx90b0rI
u5qFLeq0M2KjZ+x8dMnk2dmz7WFUvUP5RAnuTpm2+4IWRJ8kE+bnb+TFpMqxlWVB
KN5ZW5ik49FOB8bCQv87CbFJ6ti+y4g5UOG7DAAjKwDwcr+20hBKyp758qkNGeOH
ty7SlvL46OFE8DW5B/v91pDna1rlYDPKLyarlxODD6o3jMtt9vXyaxl7sm+i/hEA
DUrx9vrw6Ni9h9lqmRi3sMHw6819bWU4L5OwPSshyX2OZSD0+t1fNL+mIB/++q25
PuZPsRFubETo42qCOvuT075DaOlRf5Ff1kJZf44iEnKeiA5bDz5L2A==
=TNsF
-----END PGP SIGNATURE-----

Relevant Pages

  • Re: WTF? Printing unicode strings
    ... variable to Linux and python will know that your terminal is utf-8. ... ssh clients don't transfer it between machines. ... What version of python and what shell do you run? ... ron@www01:~$ echo $SHELL ...
    (comp.lang.python)
  • Re: WTF? Printing unicode strings
    ... variable to Linux and python will know that your terminal is utf-8. ... ssh clients don't transfer it between machines. ... What version of python and what shell do you run? ... ron@www01:~$ echo $SHELL ...
    (comp.lang.python)
  • Re: SFTP is not working
    ... When I try to use sftp or scp2, I get a message like this: ... sftp and scp2 both actually work by running ssh in a subprocess, ... The reason the shell startup files are relevant at all, ...
    (comp.security.ssh)
  • Re: Did you hack into my UNIX server Bible Bob?
    ... But that's not a shell question. ... >> OSX users, should I be using ssh instead of telnet for security? ... OSX as a built in firewall tab. ...
    (comp.unix.shell)
  • Re: using ssh to run remote commands? [ssh -T, scp/ssh flags]
    ... I use SSH to forward connections between an intranet server at home and my ... To do this, the user on the remote machine need not have a shell, either ... start a shell on the remote host, ... you can have ssh run a command instead of an interactive shell by ...
    (FreeBSD-Security)