How do I restrict SSH to certain users

How do I restrict SSH to certain users

Post by Todd Jord » Tue, 07 Aug 2001 13:08:37



Does anyone know how to restrict SSH to certain users?  I want to be
able to log in from anywhere, so I don't want to restrict by ip, but
only want certain users to be able to.  For instance my wifes account
doesn't need to, she just gets email.

         -Todd

 
 
 

How do I restrict SSH to certain users

Post by Micha3 Hryciu » Tue, 07 Aug 2001 13:53:15


Quote:> Does anyone know how to restrict SSH to certain users?  I want to be
> able to log in from anywhere, so I don't want to restrict by ip, but
> only want certain users to be able to.  For instance my wifes account
> doesn't need to, she just gets email.

Use DenyUsers option in /etc/sshd/sshd_config
e.g. DenyUsers username1 username2 username*

Michal

 
 
 

How do I restrict SSH to certain users

Post by antoni » Tue, 07 Aug 2001 15:56:46


Also you can change the default login on the passwd file, once you created a
user the passwd file creates a shell to loginlike

/bin/bash

change that to

/bin/false or /dev/null

make sure you add this on your shell groups this accounts wno't be able to
login with telnet, ftp or any othe rmeans to your box, except to get mail


Quote:> Does anyone know how to restrict SSH to certain users?  I want to be
> able to log in from anywhere, so I don't want to restrict by ip, but
> only want certain users to be able to.  For instance my wifes account
> doesn't need to, she just gets email.

>          -Todd

 
 
 

How do I restrict SSH to certain users

Post by bruc » Wed, 08 Aug 2001 02:19:25



> Does anyone know how to restrict SSH to certain users?  I want to be
> able to log in from anywhere, so I don't want to restrict by ip, but
> only want certain users to be able to.  For instance my wifes account
> doesn't need to, she just gets email.

>          -Todd

use AllowUsers
"if specified, login is allowed ONLY for users whose primary group
matches one of the patterns..."

I use

this allows me from outside, anybody from inside

 
 
 

How do I restrict SSH to certain users

Post by Oliver Enzman » Mon, 13 Aug 2001 08:11:49



> Does anyone know how to restrict SSH to certain users?  I want to be
> able to log in from anywhere, so I don't want to restrict by ip, but
> only want certain users to be able to.  For instance my wifes account
> doesn't need to, she just gets email.

You could also do this using the pam_access or pam_listfile modules
(and probably other modules as well).

--Oliver

 
 
 

How do I restrict SSH to certain users

Post by Adam KOS » Mon, 13 Aug 2001 21:18:21


:
:> Does anyone know how to restrict SSH to certain users?  I want to be
:> able to log in from anywhere, so I don't want to restrict by ip, but
:> only want certain users to be able to.  For instance my wifes account
:> doesn't need to, she just gets email.
:

There are several solutions for this problem.  I believe that the quickest
one is to disable the shell for those people who you do not want to login.

But since you already know, that your wife only uses her account for
e-mails, you have a smarter solution.

Patch exim and qpopper to do authentication from mysql, and then you do
not need to create a login.  Exim is what i use, but other smtp daemons
can be used.  The same applies for the pop daemon.

cheers
adam

 
 
 

How do I restrict SSH to certain users

Post by S C Rigl » Mon, 13 Aug 2001 22:19:59


Look at '/etc/ssh/sshd_config'.  The AllowUsers option might
be what your looking for.  If you haven't edited this in the
past then you might want to look at denying root the ability
to login (change 'PermitRootLogin' to 'No').

-S


>:
>:> Does anyone know how to restrict SSH to certain users?  I want to be
>:> able to log in from anywhere, so I don't want to restrict by ip, but
>:> only want certain users to be able to.  For instance my wifes account
>:> doesn't need to, she just gets email.
>:

 
 
 

1. SSH how to restrict remote access to certain domains or certain users ?

hi :)

i'd like to enable remote access via ssh to my private computer on the
internet.
(so far my firewall prohibits any access)

yet, i want to restrickt access to certain domains or certain users!

how do i configure that? sorry, i am fairly new to linux (suse 7.0)

do i have to add some statements to the files /etc/hosts.allow or
/etc/hosts.deny?
if yes, please tell me which statements to add :)

thank your very much for your help

cu
ingo

you may answer in english or german :-)

2. Automatic mail forwarding question

3. need to restrict users doing a su to a selected group of users

4. iBook Linux

5. Trying to move a ton of files...

6. need to restrict users from doing a su to a selected group of users

7. Strange behavior on exiting X-windows

8. Q: restricting user from logging in certain tty's

9. How to restrict hosts for certain users?

10. How do I restrict site users acces to certain folders

11. restricting certain users from loggin in

12. userdir restricted to certain users- want to split one server into 2 seperate servers