#1
    Locking certain users out of ssh login


    I want to set up an ssh server so that only certain users can log in. I would like to have some type of file in which I can just list the usernames that can log in via ssh, and if they are not in that list they are not allowed to log in. I am using FreeBSD and OpenSSH. I just can't seem to find any options like the above in the configuration files.
#2
    Simply change the shell of those you don't want to log in to /sbin/nologin. man chsh or vipw for more details.
#3
    Open up sshd_config and add
    DenyGroups groupname

    Then create a group called groupname (or whatever you used instead) and add all non-allowed users into it.
#4
    Is there anything like AllowGroups, which will only allow users in the group that I choose and deny everyone else?
#5
    When in doubt...

    # man sshd_config

    Works wonders. Since AllowGroups starts with A, you will actually see it without scrolling. Always 'man' the thing you are wondering about. 9 times out of 10 FreeBSD has a manpage for it.

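The DenyGroups and AllowGroups options discussed in this thread are applied by sshd in a fixed order (DenyUsers, AllowUsers, DenyGroups, AllowGroups, per sshd_config(5)), and once AllowGroups is set, anyone outside the listed groups is refused. The script below is an added example, not something posted by the thread's participants, that audits a config excerpt against a list of accounts. The group names `sshusers` and `nossh`, the accounts, and the function names are assumptions made for illustration; only `*` and `?` wildcards are handled, not negated or USER@HOST patterns.

```python
import re

# Order in which sshd applies the access directives (sshd_config(5)).
ORDER = ("denyusers", "allowusers", "denygroups", "allowgroups")

def parse_access_directives(config_text):
    # Collect the patterns given to the four allow/deny keywords.
    rules = {key: [] for key in ORDER}
    for line in config_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[0].lower() in rules:  # keywords are case-insensitive
            rules[fields[0].lower()].extend(fields[1:])
    return rules

def _matches(name, patterns):
    # Simplified pattern match: only the '*' and '?' wildcards are handled.
    for pat in patterns:
        regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                        for c in pat)
        if re.fullmatch(regex, name):
            return True
    return False

def ssh_login_decision(user, groups, rules):
    # Return (allowed, reason) for one account, checking in sshd's order.
    if _matches(user, rules["denyusers"]):
        return False, "DenyUsers"
    if rules["allowusers"] and not _matches(user, rules["allowusers"]):
        return False, "not in AllowUsers"
    if any(_matches(g, rules["denygroups"]) for g in groups):
        return False, "DenyGroups"
    if rules["allowgroups"] and not any(
            _matches(g, rules["allowgroups"]) for g in groups):
        return False, "not in AllowGroups"
    return True, "allowed"

# Constructed sample data: a config excerpt and account -> group memberships.
SAMPLE_CONFIG = "Port 22\nAllowGroups sshusers\nDenyGroups nossh\n"
SAMPLE_ACCOUNTS = {"alice": ["alice", "sshusers"], "bob": ["bob", "wheel"],
                   "carol": ["carol", "sshusers", "nossh"]}

def audit(config_text, accounts):
    rules = parse_access_directives(config_text)
    return {u: ssh_login_decision(u, g, rules) for u, g in accounts.items()}

if __name__ == "__main__":
    for user, (ok, why) in audit(SAMPLE_CONFIG, SAMPLE_ACCOUNTS).items():
        print(f"{user:8} {'ALLOW' if ok else 'DENY':5} {why}")
```

Note that `carol` is refused even though she is in the allowed group, because DenyGroups is evaluated before AllowGroups.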