Hello all, I have a list of users on my machine and wish to only allow one non-priveledged user ssh access to the machine. This user will also be allowed to run the 'su' command to gain root access. How do I prevent the remaining users from being able to ssh onto this box? (users continue to argue about password complexity and the like so access to any external service is now nbeing removed forcibly.) Barry
Hi !
I have a list of users on my machine and wish to only allow one non-priveledged user ssh access to the machine. This user will also be allowed to run the 'su' command to gain root access.
How do I prevent the remaining users from being able to ssh onto this box?
--> man "sshd_config". Look for the "AllowUsers" option. Another way would be to allow login only with Keypairs (disable PasswordAuthentication) and enter only the public keys of the users allowed to login into their respective "~/.ssh/authorized_keys". HTH, Armin -- Am Hasenberg 26 office: Institut für Atmosphärenphysik D-18209 Bad Doberan Schloss-Straße 6 Tel. ++49-(0)38203/42137 D-18225 Kühlungsborn / GERMANY Email: schoech@iap-kborn.de Tel. +49-(0)38293-68-102 WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50
Hi, * Am 01.12.2003 (10:27) schrieb Barry Gill:
How do I prevent the remaining users from being able to ssh onto this box? (users continue to argue about password complexity and the like so access to any external service is now nbeing removed forcibly.)
Usually I solve this problem by creating a group ssh-users and adding all users that will be allowed to login via ssh to this group. This concepts minimzes my work in changing the sshd_config everytime a new user should have access. Then I set the AllowGroups option in sshd_config to ssh-users. HTH, -sa -- sa at programmers-world dot com http://www.livingit.de Boomarks online: http://www.mobile-bookmarks.info Soon available in english Mail geschrieben: Montag, den 01. Dezember 2003 um 11:17
participants (3)
-
Armin Schoech -
Barry Gill -
Sascha Andres