Solved

BLOCK SSH FOR CERTAIN USERS

Posted on 2006-10-29
Last Modified: 2010-04-22
Hi,

How can I block a certain user from being able to SSH to a system?


Thank You
Question by:vreyesii
6 Comments
 
LVL 6

Accepted Solution

by:
JJSmith earned 800 total points
ID: 17828791

You can play around with privileges to keep certain users away from the ssh command. But if you are the administrator, I always find the simple answer is to replace the real command with a script - with simple logic as follows:

#!/bin/sh
# script in place of /usr/bin/ssh (which has been moved to /usr/bin/hide_ssh)

# look up the user in the banned list (one login name per line) - e.g.

if grep -qxF -e "$LOGNAME" /etc/banned_ssh         # -x -F: whole-line, literal match only
   then
        exit 1                                     # exit if the user is in the banned list.
   else
        /usr/bin/hide_ssh "$@"            # otherwise execute the real ssh command with the original arguments.
fi


The above is an idea - not a literal solution.

Cheers
JJ
0
 
LVL 43

Assisted Solution

by:ravenpl
ravenpl earned 800 total points
ID: 17828842
If it's openssh there are configuration options like
AllowUsers
DenyUsers
AllowGroups
DenyGroups
openssh config is usually /etc/ssh/sshd_config
Read: man sshd_config
0
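
The AllowUsers, DenyUsers, AllowGroups and DenyGroups options named in the answer above, as an added example that is not part of the original thread: a shell check that reads an sshd_config and reports whether a user, with the groups passed in, would pass those lists. The function names, sample users and sample configuration are constructed for illustration, and it assumes no Match blocks, USER@HOST entries or negated patterns.

```shell
#!/bin/sh
# Added example: would sshd accept this user under the Allow*/Deny* lists?
# sshd_config(5) order: DenyUsers, AllowUsers, DenyGroups, AllowGroups.
# Assumptions: no Match blocks, no USER@HOST or negated (!) patterns.

# list_values FILE KEYWORD: print all patterns set for KEYWORD.
# Keywords are case-insensitive and repeated lines accumulate.
list_values() {
    awk -v kw="$2" 'tolower($1) == tolower(kw) { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# matches_any NAME PATTERN...: succeed if NAME matches one glob pattern.
matches_any() {
    name=$1; shift
    for pat in "$@"; do
        case $name in $pat) return 0 ;; esac
    done
    return 1
}

# ssh_login_allowed CONFIG USER [GROUP...]: exit status 0 = allowed, 1 = denied.
ssh_login_allowed() {
    conf=$1; user=$2; shift 2
    set -f    # stop the shell expanding * and ? in the patterns
    deny_u=$(list_values "$conf" DenyUsers); allow_u=$(list_values "$conf" AllowUsers)
    deny_g=$(list_values "$conf" DenyGroups); allow_g=$(list_values "$conf" AllowGroups)
    rc=0; in_allowed_group=no
    matches_any "$user" $deny_u && rc=1
    [ -n "$allow_u" ] && ! matches_any "$user" $allow_u && rc=1
    for g in "$@"; do
        matches_any "$g" $deny_g && rc=1
        matches_any "$g" $allow_g && in_allowed_group=yes
    done
    [ -n "$allow_g" ] && [ "$in_allowed_group" = no ] && rc=1
    set +f
    return "$rc"
}

# Constructed sample configuration (not from the thread).
write_sample_config() {
    printf '%s\n' '# constructed sample' 'DenyUsers guest temp*' \
        'denyusers olduser' 'AllowGroups staff sysadm' > "$1"
}

sample=$(mktemp) && write_sample_config "$sample"
for entry in "alice staff" "guest staff" "temp01 staff" "bob users"; do
    set -- $entry
    if ssh_login_allowed "$sample" "$@"; then echo "$1: allowed"; else echo "$1: denied"; fi
done
rm -f "$sample"
```

On a real host, pass the account's groups from `id -Gn user`, and check the edited file with `sshd -t` before restarting the daemon.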
 

Author Comment

by:vreyesii
ID: 17828957
I am trying to do this in AIX. Will that work?

Thanks
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 17828986
> I am trying to do this in AIX. Will that work?
Do You use openssh? It will.
http://www.openssh.org/portable.html says it's available on AIX.
0
 
LVL 48

Assisted Solution

by:Tintin
Tintin earned 400 total points
ID: 17829972
From memory, I think all recent versions of ssh have basic ACLs.

Look in /etc/ssh/sshd_config

0
 

Author Comment

by:vreyesii
ID: 17871826
Thanks all for your help.
0

Question has a verified solution.
