[TriLUG] Limit ssh access
glcox at pobox.com
Tue Jan 22 13:16:24 EST 2002
> I think ssh/sshd has been modified to use PAM, so you could probably
> set up a /etc/pam.d/sshd config file. I have never understood PAM
> configuration (despite reading the docs), so I can't help you with
> that part.
This one's not too hard. Based on a RH7.2 box:
1) Copy /etc/security/access.conf to /etc/security/sshd_access.conf
2) Modify /etc/security/sshd_access.conf to taste.
For the mail server at work, where a lot of people have accounts but
I don't want the riffraff to get shell access:
I'm sure I could be more elegant with a group, but.
3) Add to /etc/pam.d/sshd:
account required /lib/security/pam_access.so accessfile=/etc/security/sshd_access.conf
More information about the TriLUG