I think this is exactly what I am looking for. And thanks, Rick, for the comment. I am using iptables to block all other access, so ssh-specific blocking is for me.
David

--- Rick Johnson <[EMAIL PROTECTED]> wrote:
> gabriel wrote:
> | there are a couple ways, but the one i found worked best for me was to
> | configure pam to issue an "f-off" for users not in a "ssh_allowed" list
> | in /etc/ssh/:
> |
> | edit /etc/pam.d/ssh and add this line:
> |
> | auth required pam_listfile.so item=user sense=allow file=/etc/ssh/sshd_allow onerr=fail
> |
> | then create a list in /etc/ssh/sshd_allow and list the users that you're
> | cool with allowing access.
>
> I believe this would disable other ssh related services things like sftp/scp
> (could be bad), but also allow say telnet or local login if it were existent
> on the box. The above solution is *very* ssh specific.
>
> Seems a bit more direct to make the shell /sbin/nologin.
>
> I'm going to hang onto the other idea tho because it could be quite useful
> in specific cases.
>
> Thoughts?
> -Rick
>
> --
> Rick Johnson, RHCE - [EMAIL PROTECTED]
> Linux/WAN Administrator - Medata, Inc.
> PGP Public Key: https://mail.medata.com/pgp/rjohnson.asc
>
> --
> redhat-list mailing list
> unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
> https://listman.redhat.com/mailman/listinfo/redhat-list
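
The two approaches discussed in this thread, side by side, as an added example that is not part of the original messages: the script models the `item=user sense=allow onerr=fail` allow-list check and the `/sbin/nologin` shell check over constructed accounts. The function names, sample accounts and temporary paths are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: models "item=user sense=allow onerr=fail" from the thread.
# All file names and accounts below are constructed sample data.

# listfile_allows FILE USER -> 0 if the allow-list check would pass, 1 otherwise.
listfile_allows() {
    file=$1 user=$2
    # A missing, non-regular or world-writable list file is treated as a
    # failure, which with onerr=fail means the login is refused.
    find "$file" -prune -type f ! -perm -0002 2>/dev/null | grep -q . || return 1
    # The user name must match one whole line exactly (no substrings).
    grep -Fxq -- "$user" "$file"
}

# shell_allows SHELL -> 0 unless the account's shell is a no-login shell.
shell_allows() {
    case $1 in
        */nologin|*/false) return 1 ;;
        *) return 0 ;;
    esac
}

# audit PASSWD ALLOWFILE -> one "user ssh=... shell=..." line per account.
audit() {
    while IFS=: read -r user _ _ _ _ _ shell; do
        via_ssh=deny; listfile_allows "$2" "$user" && via_ssh=allow
        via_shell=login; shell_allows "$shell" || via_shell=nologin
        echo "$user ssh=$via_ssh shell=$via_shell"
    done < "$1"
}

# make_sample DIR: constructed passwd-format file and allow list.
make_sample() {
    cat > "$1/passwd" <<'EOF'
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
backup:x:1002:1002::/home/backup:/sbin/nologin
EOF
    printf 'alice\nbackup\n' > "$1/sshd_allow"
    chmod 600 "$1/sshd_allow"
}

demo=$(mktemp -d)
make_sample "$demo"
audit "$demo/passwd" "$demo/sshd_allow"
rm -rf "$demo"
```

In the output, `bob` is refused by the ssh allow list but keeps a login shell for any other service, while `backup` passes the list but has no interactive shell. sshd runs the PAM `auth` stack only for password and keyboard-interactive logins, so an `auth` line like the one quoted above is not consulted for public-key logins.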