Solved

BLOCK SSH FOR CERTAIN USERS

Posted on 2006-10-29
Last Modified: 2010-04-22
Hi,

How can I block a certain user from being able to SSH to a system?


Thank You
Question by:vreyesii
6 Comments
 
LVL 6

Accepted Solution

by:
JJSmith earned 200 total points
ID: 17828791

You can play around with privileges to keep certain users away from the ssh command. But if you are the administrator, I always find the simple answer is to replace the real command with a script - with simple logic as follows:

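#!/bin/sh
# script in place of /usr/bin/ssh (which has been moved to /usr/bin/hide_ssh)

# look up the user in the banned list (one login name per line) - e.g.

user=$(id -un)                                     # name from the system; $LOGNAME can be overridden by the user.

if grep -qxF -- "$user" /etc/banned_ssh            # -x matches the whole line, so "bob" does not match "bobby".
   then
        exit 1                                     # exit if the user is in the banned list.
   else
        exec /usr/bin/hide_ssh "$@"                # otherwise execute the real ssh command; "$@" keeps each original argument separate.
fi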


The above is an idea - not a literal solution.

Cheers
JJ
 
LVL 43

Assisted Solution

by:ravenpl
ravenpl earned 200 total points
ID: 17828842
If it's OpenSSH, there are configuration options like
AllowUsers
DenyUsers
AllowGroups
DenyGroups
The OpenSSH config is usually /etc/ssh/sshd_config
Read: man sshd_config
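The AllowUsers, DenyUsers, AllowGroups and DenyGroups options named above are checked by sshd in a fixed order, which this added example (not part of the original thread and not OpenSSH code) goes slightly beyond the answer to show: a shell function that reads those lines from an sshd_config file and reports whether an account would pass them. The function names, users, groups and sample configuration are constructed for illustration; USER@HOST entries, negated patterns and Match blocks are not handled.

```shell
#!/bin/sh
# Added example: evaluate sshd_config user/group access lists for one account.
# Assumptions: plain name patterns with * and ? only; USER@HOST entries,
# "!" negation and Match blocks are not handled.

# patterns_for KEYWORD FILE: print every pattern given for KEYWORD
# (keywords are case-insensitive and may be repeated on several lines).
patterns_for() {
    awk -v kw="$1" 'tolower($1) == tolower(kw) { for (i = 2; i <= NF; i++) print $i }' "$2"
}

# matches_any "NAME..." "PATTERN...": succeed if any name matches any pattern.
matches_any() {
    set -f                      # do not expand * and ? against file names
    for name in $1; do
        for pat in $2; do
            case $name in $pat) set +f; return 0 ;; esac
        done
    done
    set +f
    return 1
}

# ssh_login_allowed USER "GROUP..." FILE: 0 = allowed, 1 = denied.
# sshd checks DenyUsers, then AllowUsers, then DenyGroups, then AllowGroups.
ssh_login_allowed() {
    user=$1; grps=$2; conf=$3
    deny_u=$(patterns_for DenyUsers "$conf");  allow_u=$(patterns_for AllowUsers "$conf")
    deny_g=$(patterns_for DenyGroups "$conf"); allow_g=$(patterns_for AllowGroups "$conf")
    matches_any "$user" "$deny_u" && return 1
    [ -n "$allow_u" ] && ! matches_any "$user" "$allow_u" && return 1
    matches_any "$grps" "$deny_g" && return 1
    [ -n "$allow_g" ] && ! matches_any "$grps" "$allow_g" && return 1
    return 0
}

# Constructed sample configuration (user and group names are made up).
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
# access control excerpt
DenyUsers   jdoe temp*
AllowGroups staff sshusers
EOF

for u in "jdoe:staff" "alice:staff" "temp01:sshusers" "bob:users"; do
    if ssh_login_allowed "${u%%:*}" "${u#*:}" "$sample_conf"
    then echo "${u%%:*}: allowed"; else echo "${u%%:*}: denied"; fi
done
rm -f "$sample_conf"
```

After editing the real file, `sshd -t` checks its syntax before the daemon is restarted.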
 

Author Comment

by:vreyesii
ID: 17828957
I am trying to do this in AIX. Will that work?

Thanks
 
LVL 43

Expert Comment

by:ravenpl
ID: 17828986
> I am trying to do this in AIX. Will that work?
Do you use OpenSSH? It will.
http://www.openssh.org/portable.html says it's available on AIX.
 
LVL 48

Assisted Solution

by:Tintin
Tintin earned 100 total points
ID: 17829972
From memory, I think all recent versions of ssh have basic ACLs.

Look in /etc/ssh/sshd_config

 

Author Comment

by:vreyesii
ID: 17871826
Thanks all for your help.