How to dynamically restrict SSH access to a given user




The goal here is to create a script to easily manage reservations for a
machine. When a user reserves the machine, they should be the only one able
to access the machine for a given time (except admins, of course).

I already found a solution with PAM. This single line in /etc/pam.d/sshd
would have resolved my problem:

auth required pam_listfile.so item=user sense=allow file=/etc/ssh/sshd.allow onerr=fail

with the user login in /etc/ssh/sshd.allow

But it does not work at all:

$ cat /etc/ssh/sshd.allow
foo
$ tail -f /var/log/auth.log
Dec 1 12:12:05 mini sshd[2697]: Accepted publickey for bar from 192.168.0.11 port 58087 ssh2
Dec 1 12:12:05 mini sshd[2697]: pam_unix(sshd:session): session opened for user bar by (uid=0)

I am running a Debian Squeeze box; I don't know if the behaviour of PAM is
different on it.


View article...
<http://serverfault.com/questions/207799/how-to-dynamically-restrict-ssh-access-to-a-given-user>
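The reservation script described in the question could manage /etc/ssh/sshd.allow as follows; this is an added example, not code from the original post. STATE_FILE, ADMINS and the function names are assumptions, as is placing the pam_listfile rule where sshd evaluates it for key-based logins (the log above shows a publickey login, for which sshd does not run PAM's auth stack, only account and session).

```shell
#!/bin/sh
# Added example, not from the original post. Paths and admin names are assumptions.
ALLOW_FILE="${ALLOW_FILE:-/etc/ssh/sshd.allow}"     # file read by pam_listfile (from the post)
STATE_FILE="${STATE_FILE:-/var/lib/reserve/state}"  # hypothetical: "<user> <expiry-epoch>"
ADMINS="${ADMINS:-root}"                            # hypothetical admin list, space separated

# Replace the allow-list with one rename so a login never sees a half-written file.
write_allowlist() {
    tmp=$(mktemp "$ALLOW_FILE.XXXXXX") || return 1
    for u in $ADMINS "$@"; do printf '%s\n' "$u"; done > "$tmp"
    chmod 644 "$tmp" && mv -f "$tmp" "$ALLOW_FILE"
}

# Print the user holding an unexpired reservation, or nothing.
current_holder() {
    [ -r "$STATE_FILE" ] || return 0
    read -r holder expiry < "$STATE_FILE" || return 0
    [ "$(date +%s)" -lt "$expiry" ] && printf '%s\n' "$holder"
    return 0
}

# reserve USER MINUTES: the name check is deliberately strict, because a name
# containing a newline would add extra entries to the allow-list.
reserve() {
    user=$1 minutes=$2
    case $user in ''|-*|*[!a-z0-9_-]*) echo "bad user name" >&2; return 2 ;; esac
    case $minutes in ''|*[!0-9]*) echo "bad duration" >&2; return 2 ;; esac
    holder=$(current_holder)
    if [ -n "$holder" ] && [ "$holder" != "$user" ]; then
        echo "already reserved by $holder" >&2; return 1
    fi
    write_allowlist "$user" || return 1
    printf '%s %s\n' "$user" "$(( $(date +%s) + $minutes * 60 ))" > "$STATE_FILE"
}

# release: drop the reservation; assumes an unreserved machine is admin-only.
release() {
    write_allowlist && rm -f "$STATE_FILE"
}

case ${1:-} in
    reserve) reserve "$2" "$3" ;;
    release) release ;;
esac
```

An expired reservation is only overwritten by the next `reserve` or cleared by `release`, so a periodic job calling `release` once `current_holder` prints nothing is needed to enforce the time limit.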