Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

BLOCK SSH FOR CERTAIN USERS

Posted on 2006-10-29
6
Medium Priority
?
384 Views
Last Modified: 2010-04-22
Hi,

How can I block a certain user from be able to SSH to a system?


Thank You
0
Comment
Question by:vreyesii
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 6

Accepted Solution

by:
JJSmith earned 800 total points
ID: 17828791

You can play around with privileges to keep ceratin users away from the ssh command. But if you are the adminstrator, I always find the simple answer is to replace the real command with a script - with simple logic as follows:

#script in place of /usr/bin/ssh ( which has been moved to /usr/bin/hide_ssh )

#lookup user in banned list - e.g

if [ `grep -c $LOGNAME /etc/banned_ssh` -ne 0 ]
   then
        exit 1                                     # exit if the user in banned list.
   else
        /usr/bin/hide_ssh "$*"            # otherwise execute real ssh command with original arguments.
fi


The above is an idea - not a literal solution.

Cheers
JJ
0
 
LVL 43

Assisted Solution

by:ravenpl
ravenpl earned 800 total points
ID: 17828842
If it's openssh there are configuartion Options like
AllowUsers
DenyUsers
AllowGroups
DenyGroups
openssh config is usually /etc/ssh/sshd_config
Read: man sshd_config
0
 

Author Comment

by:vreyesii
ID: 17828957
I am trying to this in AIX. Will that work?

Thanks
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 43

Expert Comment

by:ravenpl
ID: 17828986
> I am trying to this in AIX. Will that work?
Do You use openssh? It will.
http://www.openssh.org/portable.html says it's available on AIX.
0
 
LVL 48

Assisted Solution

by:Tintin
Tintin earned 400 total points
ID: 17829972
From memory, I think all recent versions of ssh have basic ACL's.

Look in /etc/ssh/sshd_config

0
 

Author Comment

by:vreyesii
ID: 17871826
Thanks all for your help.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's say you need to move the data of a file system from one partition to another. This generally involves dismounting the file system, backing it up to tapes, and restoring it to a new partition. You may also copy the file system from one place to…
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question