Re: user selection for ssh connections
From: Matthew Palmer (mjp16@ieee.uow.edu.au)Date: 11/29/01
- Previous message: Guillermo Ontañón: "Re: user selection for ssh connections"
- In reply to: james d. butler: "user selection for ssh connections"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 29 Nov 2001 12:39:30 +1100 (EST) From: Matthew Palmer <mjp16@ieee.uow.edu.au> To: "james d. butler" <jamesDB@rocketmail.com> Subject: Re: user selection for ssh connections Message-ID: <Pine.LNX.4.10.10111291236140.16614-100000@anode.ieee.uow.edu.au>
On Tue, 27 Nov 2001, james d. butler wrote:
> Is it possible to exclude individual users from connecting via
> SSH? I'd like to have a list of users that are allowed to
> connect and a list of those that are not. Can it be done? If
> so, how?
Defining your system would help - I have no idea how to do it under Windows,
for instance...
But, for any system in which SSH uses PAM, you can use the pam_access.so
module, and modify /etc/security/access.conf to do something like:
+:joe mary foo:ALL
-:baduser baduser2:ALL
That'll let joe, mary, and foo on, and not let baduser or baduser2 on.
It'll let anyone else on, because if the person isn't found in there it
assumes access is granted. If you want default-deny,
-:ALL:ALL
will give you that, if put AT THE BOTTOM OF THE FILE.
Works for me on a Debian Linux system, and I would presume anything else
which uses an equivalent pam_access.so.
The module could be a lot smarter, but it's better than nowt.
-- ----------------------------------------------------------------------- #include <disclaimer.h> Matthew Palmer mjp16@ieee.uow.edu.au
- Previous message: Guillermo Ontañón: "Re: user selection for ssh connections"
- In reply to: james d. butler: "user selection for ssh connections"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
