Solved

BLOCK SSH FOR CERTAIN USERS

Posted on 2006-10-29
6
337 Views
Last Modified: 2010-04-22
Hi,

How can I block a certain user from be able to SSH to a system?


Thank You
0
Comment
Question by:vreyesii
6 Comments
 
LVL 6

Accepted Solution

by:
JJSmith earned 200 total points
Comment Utility

You can play around with privileges to keep ceratin users away from the ssh command. But if you are the adminstrator, I always find the simple answer is to replace the real command with a script - with simple logic as follows:

#script in place of /usr/bin/ssh ( which has been moved to /usr/bin/hide_ssh )

#lookup user in banned list - e.g

if [ `grep -c $LOGNAME /etc/banned_ssh` -ne 0 ]
   then
        exit 1                                     # exit if the user in banned list.
   else
        /usr/bin/hide_ssh "$*"            # otherwise execute real ssh command with original arguments.
fi


The above is an idea - not a literal solution.

Cheers
JJ
0
 
LVL 43

Assisted Solution

by:ravenpl
ravenpl earned 200 total points
Comment Utility
If it's openssh there are configuartion Options like
AllowUsers
DenyUsers
AllowGroups
DenyGroups
openssh config is usually /etc/ssh/sshd_config
Read: man sshd_config
0
 

Author Comment

by:vreyesii
Comment Utility
I am trying to this in AIX. Will that work?

Thanks
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 43

Expert Comment

by:ravenpl
Comment Utility
> I am trying to this in AIX. Will that work?
Do You use openssh? It will.
http://www.openssh.org/portable.html says it's available on AIX.
0
 
LVL 48

Assisted Solution

by:Tintin
Tintin earned 100 total points
Comment Utility
From memory, I think all recent versions of ssh have basic ACL's.

Look in /etc/ssh/sshd_config

0
 

Author Comment

by:vreyesii
Comment Utility
Thanks all for your help.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Attention: This article will no longer be maintained. If you have any questions, please feel free to mail me. jgh@FreeBSD.org Please see http://www.freebsd.org/doc/en_US.ISO8859-1/articles/freebsd-update-server/ for the updated article. It is avail…
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now