-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, Jul 12, 2016 at 09:31:41AM -0400, Stefan Monnier wrote:
[...] > Indeed, I just saw those replies. Didn't know about AllowGroups. > > This said, it doesn't quite address my need: rather than say "only allow > SSH access to userfoo and userbar", I'd like to do "disallow non-GDM > access for userfoo and userbar". That would include the local Linux console? > The main issue is the difference between SSH and non-GDM: how do I make > sure non-GDM/non-SSH accesses are also disallowed? > > It's really something that should be addressed in PAM rather than in > SSH's config. Sounds about right, if I understood you correctly. Regards - -- t -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAleE88IACgkQBcgs9XrR2kbxPwCaAn6VKsXq6cYezuoy/YSKhFbR HnQAn1MroKdtG4sFsS5PbhZVISxLA7Xn =zmnI -----END PGP SIGNATURE-----