On Fri, Aug 03, 2001 at 12:46:10PM -0500, David Ehle wrote:
> 1. How to disallow network connections to this guest account? I don't
> want anyone ssh'ing in, but I still want to be able to remotely administer
> the machines.

man sshd --

     DenyUsers
             This keyword can be followed by a number of user names,
             separated by spaces.  Login is disallowed for user names
             that match one of the patterns.  `*' and `?' can be used as
             wildcards in the patterns.  Only user names are valid, a
             numerical user id isn't recognized.  By default login is
             allowed regardless of the username.

There are similar DenyGroups, AllowUsers, and AllowGroups directives, too.
This is *the* simplest solution.

If you're PAM-savvy, there are options there, too (easiest is to use
pam_listfile to allow/deny access to people listed in a particular file).
However, it's really easy to shoot yourself in the foot with PAM.

Plus, you'd certainly want to disable any other network access methods you
can (ftp and friends). If all the people need to do is browse the web and
ssh out, you can also make a firewall rule that allows traffic to and from
any remote host's port 22, 80, or 443.

-- 
Mike Renfro / R&D Engineer, Center for Manufacturing Research,
931 372-3601 / Tennessee Technological University -- [EMAIL PROTECTED]
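
The following is an added example, not part of the original message or of OpenSSH: a small audit helper that evaluates the DenyUsers/AllowUsers wildcard rules quoted above against a config file, so you can confirm the guest account is refused while administrators still get in. The sample config, the user names and all function names are constructed for illustration; it handles only plain user-name patterns with `*` and `?`, checks the deny list before the allow list, and ignores the group directives.

```python
import re

# Constructed sample sshd_config (illustrative; not from the original message).
SAMPLE_CONFIG = """\
# remote administration stays possible for named admins only
Port 22
DenyUsers guest kiosk? tmp*
AllowUsers admin operator
"""

def pattern_to_regex(pattern):
    """'*' matches any run of characters, '?' exactly one; all else is literal."""
    table = {"*": ".*", "?": "."}
    return re.compile("".join(table.get(c, re.escape(c)) for c in pattern), re.DOTALL)

def parse_user_lists(config_text):
    """Collect DenyUsers/AllowUsers patterns (keywords are case-insensitive)."""
    lists = {"denyusers": [], "allowusers": []}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        keyword = fields[0].lower()
        if keyword in lists:
            lists[keyword].extend(fields[1:])
    return lists

def matches_any(user, patterns):
    """True if the whole user name matches at least one pattern."""
    return any(pattern_to_regex(p).fullmatch(user) for p in patterns)

def ssh_login_allowed(user, config_text):
    """Deny list is checked first; a non-empty allow list then admits only its matches."""
    lists = parse_user_lists(config_text)
    if matches_any(user, lists["denyusers"]):
        return False
    if lists["allowusers"] and not matches_any(user, lists["allowusers"]):
        return False
    return True

if __name__ == "__main__":
    for name in ("guest", "kiosk7", "tmpbuild", "admin", "nobody"):
        verdict = "allowed" if ssh_login_allowed(name, SAMPLE_CONFIG) else "denied"
        print(f"{name:10s} {verdict}")
```

Note that once an AllowUsers line is present, any account it does not list is refused as well, which is why "nobody" is denied in the sample even though no DenyUsers pattern matches it.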