Re: [gentoo-user] Disable remote login for certain user

2009-01-17 Thread Norberto Bensa
On Saturday January 17 2009 03:28:07 Grant wrote: an ssh config setting, in shorewall, or somewhere else? You can: 1) use pam as described by Mike or 2) use sshd_config AllowUsers or 3) What I usually do is, disable pam in ssh so only keys are accepted. Only if you have the key, you can

Re: [gentoo-user] Disable remote login for certain user

2009-01-17 Thread Grant
an ssh config setting, in shorewall, or somewhere else? You can: 1) use pam as described by Mike or 2) use sshd_config AllowUsers Thanks a lot, I went with 'AllowUsers root' in sshd_config since sshd is the only service running on the system. - Grant or 3) What I usually do is,

Re: [gentoo-user] Disable remote login for certain user

2009-01-17 Thread Grant
Should I do that via an ssh config setting, in shorewall, or somewhere else? I believe the right way would be to add 'account required pam_access.so' line to /etc/pam.d/system-auth and define login restrictions in /etc/securety/access.conf (it's also quite well documented). That way you'll

Re: [gentoo-user] Disable remote login for certain user

2009-01-17 Thread Volker Armin Hemmann
On Samstag 17 Januar 2009, Grant wrote: an ssh config setting, in shorewall, or somewhere else? You can: 1) use pam as described by Mike or 2) use sshd_config AllowUsers Thanks a lot, I went with 'AllowUsers root' in sshd_config since sshd is the only service running on the

Re: [gentoo-user] Disable remote login for certain user

2009-01-17 Thread Grant
an ssh config setting, in shorewall, or somewhere else? You can: 1) use pam as described by Mike or 2) use sshd_config AllowUsers Thanks a lot, I went with 'AllowUsers root' in sshd_config since sshd is the only service running on the system. I really would not do that.

Re: [gentoo-user] Disable remote login for certain user

2009-01-17 Thread Dale
Grant wrote: an ssh config setting, in shorewall, or somewhere else? You can: 1) use pam as described by Mike or 2) use sshd_config AllowUsers Thanks a lot, I went with 'AllowUsers root' in sshd_config since sshd is the only service running on the system. I

Re: [gentoo-user] Disable remote login for certain user

2009-01-17 Thread Volker Armin Hemmann
On Samstag 17 Januar 2009, Grant wrote: an ssh config setting, in shorewall, or somewhere else? You can: 1) use pam as described by Mike or 2) use sshd_config AllowUsers Thanks a lot, I went with 'AllowUsers root' in sshd_config since sshd is the only service

Re: [gentoo-user] Disable remote login for certain user

2009-01-17 Thread Mike Kazantsev
On Sat, 17 Jan 2009 10:50:31 -0800 Grant emailgr...@gmail.com wrote: Can anyone tell me how to find out which users on a system have a login shell (e.g. not /bin/nologin)? echo 'Unavailable user accounts:'; for usr in `cat /etc/passwd`; do usr=${usr%%:*}; exit | su $usr /dev/null 21 || echo

Re: [gentoo-user] Disable remote login for certain user

2009-01-16 Thread Mike Kazantsev
On Fri, 16 Jan 2009 21:28:07 -0800 Grant emailgr...@gmail.com wrote: Should I do that via an ssh config setting, in shorewall, or somewhere else? I believe the right way would be to add 'account required pam_access.so' line to /etc/pam.d/system-auth and define login restrictions in