Re: user selection for ssh connections

From: Matthew Palmer (mjp16@ieee.uow.edu.au)
Date: 11/29/01


Date: Thu, 29 Nov 2001 12:39:30 +1100 (EST)
From: Matthew Palmer <mjp16@ieee.uow.edu.au>
To: "james d. butler" <jamesDB@rocketmail.com>
Subject: Re: user selection for ssh connections
Message-ID: <Pine.LNX.4.10.10111291236140.16614-100000@anode.ieee.uow.edu.au>

On Tue, 27 Nov 2001, james d. butler wrote:

> Is it possible to exclude individual users from connecting via
> SSH? I'd like to have a list of users that are allowed to
> connect and a list of those that are not. Can it be done? If
> so, how?

Defining your system would help - I have no idea how to do it under Windows,
for instance...

But, for any system in which SSH uses PAM, you can use the pam_access.so
module, and modify /etc/security/access.conf to do something like:

+:joe mary foo:ALL

-:baduser baduser2:ALL

That'll let joe, mary, and foo on, and not let baduser or baduser2 on.
It'll let anyone else on, because if the person isn't found in there it
assumes access is granted. If you want default-deny,

-:ALL:ALL

will give you that, if put AT THE BOTTOM OF THE FILE.

Works for me on a Debian Linux system, and I would presume anything else
which uses an equivalent pam_access.so.

The module could be a lot smarter, but it's better than nowt.

-- 
-----------------------------------------------------------------------
#include <disclaimer.h>
Matthew Palmer
mjp16@ieee.uow.edu.au
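
Added example, not part of the original message: a simplified Python model of the first-match evaluation described above, showing why the `-:ALL:ALL` catch-all only gives default-deny when it is the last rule. The function names and sample files are constructed for illustration; only plain user names and the `ALL` keyword are modelled, not the module's other matching features.

```python
# Simplified model of access.conf evaluation: the first matching rule decides,
# and no match at all means access is granted. Only plain user names and the
# ALL keyword are handled; rules with any other origin are treated as non-matching.

# Constructed sample files, using the rules quoted in the message.
SAMPLE_ALLOW_DEFAULT = "+:joe mary foo:ALL\n-:baduser baduser2:ALL\n"
SAMPLE_DENY_DEFAULT = SAMPLE_ALLOW_DEFAULT + "-:ALL:ALL\n"
# Same rules with the catch-all placed first instead of at the bottom.
SAMPLE_MISORDERED = "-:ALL:ALL\n" + SAMPLE_ALLOW_DEFAULT


def parse_rules(text):
    """Return a list of (permission, users, origins) tuples."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":", 2)]
        if len(fields) != 3 or fields[0] not in ("+", "-"):
            raise ValueError(f"line {lineno}: malformed rule {raw!r}")
        rules.append((fields[0], fields[1].split(), fields[2].split()))
    return rules


def is_allowed(rules, user):
    """Apply the first rule that names the user (or ALL); default is allow."""
    for perm, users, origins in rules:
        if ("ALL" in users or user in users) and "ALL" in origins:
            return perm == "+"
    return True


def has_default_deny(rules):
    """True when the last rule is the catch-all -:ALL:ALL."""
    return bool(rules) and rules[-1] == ("-", ["ALL"], ["ALL"])


if __name__ == "__main__":
    for name, text in [("allow-default", SAMPLE_ALLOW_DEFAULT),
                       ("deny-default", SAMPLE_DENY_DEFAULT),
                       ("misordered", SAMPLE_MISORDERED)]:
        rules = parse_rules(text)
        verdicts = {u: is_allowed(rules, u) for u in ("joe", "baduser", "stranger")}
        print(name, "default-deny:", has_default_deny(rules), verdicts)
```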


