How to dynamically restrict SSH access to a given user
- From: "Fabio Brazzo" <fabio@xxxxxxxxx>
- Date: Wed, 1 Dec 2010 12:42:09 +0100
The goal here is to create a script to easily manage reservation for a
machine. When a user reserve the machine, it should be the only one able
to access the machine for a given time (except admins of course).
I already found a solution with PAM. This single line in /etc/pam.d/sshd
would have resolve my problem:
auth required pam_listfile.so item=user sense=allow
file=/etc/ssh/sshd.allow onerr=fail
with the user login in /etc/ssh/sshd.allow
But it does not work at all:
$ cat /etc/ssh/sshd.allow foo $ tail -f /var/log/auth.log Dec 1
12:12:05 mini sshd[2697]: Accepted publickey for bar from 192.168.0.11
port 58087 ssh2 Dec 1 12:12:05 mini sshd[2697]: pam_unix(sshd:session):
session opened for user bar by (uid=0)
I am running a Debian Squeeze box, I don't know if the behaviour of PAM is
different with this.
Visualizza articolo...
<http://serverfault.com/questions/207799/how-to-dynamically-restrict-ssh-access-to-a-given-user>
- Follow-Ups:
- Re: How to dynamically restrict SSH access to a given user
- From: Man-wai Chang
- Re: How to dynamically restrict SSH access to a given user
- Prev by Date: Re: ssh connect back?
- Next by Date: what causes slow ssh connection and slow mysql connection on local server?
- Previous by thread: [Python] Libs for work with SSH
- Next by thread: Re: How to dynamically restrict SSH access to a given user
- Index(es):
