gabriel wrote:
| there are a couple ways, but the one i found worked best for me was to
| configure pam to issue an "f-off" for users not in a "ssh_allowed" list
| in /etc/ssh/:
|
| edit /etc/pam.d/ssh and add this line:
|
|   auth       required     pam_listfile.so item=user sense=allow file=/etc/ssh/sshd_allow onerr=fail
|
|
| then create a list in /etc/ssh/sshd_allow and list the users that you're
| cool with allowing access.

I believe this would disable other ssh-related services, things like sftp/scp
(could be bad), but also allow, say, telnet or local login if it were existent
on the box. The above solution is *very* ssh specific.

Seems a bit more direct to make the shell /sbin/nologin.

I'm going to hang onto the other idea tho because it could be quite useful
in specific cases.

Thoughts?
-Rick


--
Rick Johnson, RHCE - [EMAIL PROTECTED]
Linux/WAN Administrator - Medata, Inc.
PGP Public Key: https://mail.medata.com/pgp/rjohnson.asc
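
An added example, not part of the original thread: a small audit that reports, per account, the two controls discussed above, the `pam_listfile` allow-list verdict (`item=user sense=allow onerr=fail`) and whether the passwd shell is a no-login shell. The sample accounts, function names and temporary paths are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample data (not from the original messages).
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
alice:x:500:500::/home/alice:/bin/bash
bob:x:501:501::/home/bob:/sbin/nologin
carol:x:502:502::/home/carol:/bin/bash'
ALLOW_SAMPLE='alice
bob'

# listfile_verdict USER ALLOWFILE
# Mirrors item=user sense=allow onerr=fail: only users listed one per line
# pass, and a missing or unreadable list denies everyone.
listfile_verdict() {
    [ -r "$2" ] || { echo deny; return; }
    if grep -qxF -- "$1" "$2"; then echo allow; else echo deny; fi
}

# shell_verdict SHELL: classify the passwd shell field.
shell_verdict() {
    case "$1" in
        */nologin|/bin/false) echo blocked ;;
        *) echo interactive ;;
    esac
}

# audit PASSWDFILE ALLOWFILE: one line per account with both verdicts.
# ssh_pam only describes PAM stacks that contain the pam_listfile line.
audit() {
    while IFS=: read -r user pw uid gid gecos home shell; do
        [ -n "$user" ] || continue
        printf '%s ssh_pam=%s shell=%s\n' "$user" \
            "$(listfile_verdict "$user" "$2")" "$(shell_verdict "$shell")"
    done < "$1"
}

# demo: run the audit over the constructed samples in a temp directory.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' "$PASSWD_SAMPLE" > "$tmp/passwd"
    printf '%s\n' "$ALLOW_SAMPLE" > "$tmp/sshd_allow"
    audit "$tmp/passwd" "$tmp/sshd_allow"
    rm -rf "$tmp"
}

demo
```

On a real host, run `audit /etc/passwd /etc/ssh/sshd_allow` to spot accounts where the two controls disagree, such as a listed user with a no-login shell.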