Solved

BLOCK SSH FOR CERTAIN USERS

Posted on 2006-10-29
Last Modified: 2010-04-22
Hi,

How can I block a certain user from being able to SSH to a system?


Thank You
Question by:vreyesii
6 Comments
 
LVL 6

Accepted Solution

by:
JJSmith earned 200 total points
ID: 17828791

You can play around with privileges to keep certain users away from the ssh command. But if you are the administrator, I always find the simple answer is to replace the real command with a script - with simple logic as follows:

#!/bin/sh
# script in place of /usr/bin/ssh (which has been moved to /usr/bin/hide_ssh)

# look up the user in the banned list (one login name per line)
# id -un is used rather than $LOGNAME, which the user can change in the environment

if grep -qxF -- "$(id -un)" /etc/banned_ssh
   then
        exit 1                                     # exit if the user is in the banned list.
   else
        exec /usr/bin/hide_ssh "$@"            # otherwise execute the real ssh command with the original arguments.
fi


The above is an idea - not a literal solution.

Cheers
JJ
0
 
LVL 43

Assisted Solution

by:ravenpl
ravenpl earned 200 total points
ID: 17828842
If it's OpenSSH there are configuration options like
AllowUsers
DenyUsers
AllowGroups
DenyGroups
openssh config is usually /etc/ssh/sshd_config
Read: man sshd_config
0
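To show how the AllowUsers, DenyUsers, AllowGroups and DenyGroups options named in the answer above combine, here is an added example (not code from any poster in this thread) that predicts from an sshd_config-style file whether a login name is admitted, applying the lists in the order the sshd_config manual gives. The function names and the sample config are constructed for illustration; USER@HOST patterns, "!" negation and Match blocks are not handled.

```shell
# Added example. Assumption: plain name patterns with * and ? only.

# list_for FILE KEYWORD: print all patterns for KEYWORD (case-insensitive, lines accumulate).
list_for() {
    awk -v kw="$2" 'tolower($1) == tolower(kw) {
        for (i = 2; i <= NF; i++) printf "%s ", $i }' "$1"
}

# matches_any NAME PATTERN...: succeed if NAME matches one glob pattern.
matches_any() {
    name=$1; shift
    for pat in "$@"; do
        case $name in $pat) return 0 ;; esac
    done
    return 1
}

# ssh_user_allowed FILE USER [GROUP...]: succeed if the lists admit USER.
ssh_user_allowed() (
    cfg=$1; user=$2; shift 2
    set -f    # no filename expansion of config patterns; subshell body keeps this local
    deny_u=$(list_for "$cfg" DenyUsers);  allow_u=$(list_for "$cfg" AllowUsers)
    deny_g=$(list_for "$cfg" DenyGroups); allow_g=$(list_for "$cfg" AllowGroups)
    # Order sshd applies: DenyUsers, AllowUsers, DenyGroups, AllowGroups.
    if matches_any "$user" $deny_u; then return 1; fi
    if [ -n "$allow_u" ] && ! matches_any "$user" $allow_u; then return 1; fi
    for g in "$@"; do
        if matches_any "$g" $deny_g; then return 1; fi
    done
    if [ -z "$allow_g" ]; then return 0; fi
    for g in "$@"; do
        if matches_any "$g" $allow_g; then return 0; fi
    done
    return 1
)

# Demo on a constructed config (not taken from the thread).
demo() {
    demo_cfg=$(mktemp) || return 1
    printf '%s\n' 'DenyUsers mallory temp*' 'AllowGroups staff' > "$demo_cfg"
    for u in mallory temp01 alice; do
        if ssh_user_allowed "$demo_cfg" "$u" staff; then r=allowed; else r=refused; fi
        echo "$u: $r"
    done
    rm -f "$demo_cfg"
}
demo
```

After editing the real file, `sshd -t` checks it for syntax errors before the daemon is restarted.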
 

Author Comment

by:vreyesii
ID: 17828957
I am trying to do this in AIX. Will that work?

Thanks
0
 
LVL 43

Expert Comment

by:ravenpl
ID: 17828986
> I am trying to do this in AIX. Will that work?
Do you use OpenSSH? It will.
http://www.openssh.org/portable.html says it's available on AIX.
0
 
LVL 48

Assisted Solution

by:Tintin
Tintin earned 100 total points
ID: 17829972
From memory, I think all recent versions of ssh have basic ACLs.

Look in /etc/ssh/sshd_config

0
 

Author Comment

by:vreyesii
ID: 17871826
Thanks all for your help.
0


Question has a verified solution.
