[TriLUG] Limit ssh access

Greg Cox glcox at pobox.com
Tue Jan 22 13:16:24 EST 2002


> I think ssh/sshd has been modified to use PAM, so you could probably
> set up a /etc/pam.d/sshd config file.  I have never understood PAM
> configuration (despite reading the docs), so I can't help you with
> that part.

This one's not too hard.  Based on a RH7.2 box:

1) Copy /etc/security/access.conf to /etc/security/sshd_access.conf

2) Modify /etc/security/sshd_access.conf to taste.
For the mail server at work, where a lot of people have accounts but
I don't want the riffraff to get shell access:

+:adminuser1:ALL
+:adminuser2:ALL
-:ALL:ALL

I'm sure I could be more elegant with a group, but.

3) Add to /etc/pam.d/sshd:
account  required  /lib/security/pam_access.so accessfile=/etc/security/sshd_access.conf
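
An added example, not part of the original post: a simplified Python model of how pam_access reads a file like the one in step 2, where the first matching line decides and access is granted when no line matches. It is meant for checking a rule set before installing it. The group `sshadmins`, the user `mailuser` and the origin address are constructed, and origin matching is reduced to ALL or an exact string.

```python
# Simplified model of pam_access rule evaluation (added example, not pam_access itself).
# Handles user names, group names, ALL and EXCEPT; origins are ALL or an exact string.

POST_RULES = """\
+:adminuser1:ALL
+:adminuser2:ALL
-:ALL:ALL
"""
# Constructed variants: a hypothetical group "sshadmins", and a one-line EXCEPT form.
GROUP_RULES = "+:sshadmins:ALL\n-:ALL:ALL\n"
EXCEPT_RULES = "-:ALL EXCEPT adminuser1 adminuser2:ALL\n"
GROUPS = {"sshadmins": {"adminuser1", "adminuser2"}}  # constructed membership

def parse_rules(text):
    """Return [(permit, user_tokens, origin_tokens)] from access.conf-style text."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        if perm not in ("+", "-"):
            raise ValueError(f"bad permission field in {raw!r}")
        rules.append((perm == "+", users.split(), origins.split()))
    return rules

def _match(tokens, value, groups=None):
    """Match value against a token list, honouring an EXCEPT clause."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return (_match(tokens[:i], value, groups)
                and not _match(tokens[i + 1:], value, groups))
    return any(tok == "ALL" or tok == value
               or (groups is not None and value in groups.get(tok, ()))
               for tok in tokens)

def allowed(rules, user, origin, groups=None):
    """First matching line decides; if no line matches, access is granted."""
    for permit, users, origins in rules:
        if _match(users, user, groups) and _match(origins, origin):
            return permit
    return True

if __name__ == "__main__":
    for name, text in [("post", POST_RULES), ("group", GROUP_RULES), ("except", EXCEPT_RULES)]:
        rules = parse_rules(text)
        for user in ("adminuser1", "mailuser"):
            print(name, user, allowed(rules, user, "198.51.100.7", GROUPS))
```

In this model, dropping the final `-:ALL:ALL` line lets every account through, because nothing matches and the default is to grant.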




