Thanks Damion, and Ben - you have helped no end!

Regards

Warwick Brown

-----Original Message-----
From: Damion Parry [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 29, 2002 11:51 AM
To: [EMAIL PROTECTED]
Subject: Re: ssh & telnet quirks


Right, this is how the login/telnet etc. privileges work:

The login priv was designed as the ability for a user (usually admin) to
grant the telnet priv. It is at the discretion of the root user on the
hosting server to determine those allowed to grant the telnet priv (by
having login).

Now, if you wish to allow a vs admin to determine who is allowed ssh as
well as telnet access, then change /etc/pam.d/sshd to read as
follows:

#%PAM-1.0
auth       required     /lib/security/pam_pwdb.so shadow nodelay
auth       required     /lib/security/pam_nologin.so
auth       required     /lib/security/pam_vsd.so priv=telnet   #this line changed
account    required     /lib/security/pam_pwdb.so
password   required     /lib/security/pam_cracklib.so
password   required     /lib/security/pam_pwdb.so shadow nullok use_authtok
session    required     /lib/security/pam_pwdb.so
session    required     /lib/security/pam_limits.so

Then admin can grant telnet to a user and everything works fine. Now,
the reason that sshd was changed to login as the default was to lock the
box down as much as possible, in those situations that need it (and if
it isn't one of those situations then telnet will usually suffice).

So that's why and how. As a result of this thread we will be reviewing
how this works so let us know your hows and whys.
HTH,
Damion.
------------------------- The freeVSD Support List --------------------------
Subscribe:   mailto:[EMAIL PROTECTED]?body=subscribe%20freevsd-support
Unsubscribe: mailto:[EMAIL PROTECTED]?body=unsubscribe%20freevsd-support
Archives:    http://freevsd.org/support/mail-archives/freevsd-support
-----------------------------------------------------------------------------
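
A check for the edit described in the thread, added here as an example (it is not freeVSD code and not from either poster): it parses a PAM service file and reports which priv= value the pam_vsd.so auth line demands, plus any line that is not a valid rule. The names vsd_gate and parse_pam are hypothetical, and the sample is constructed from the stack above with one argument wrapped onto its own line, as happens when such a file is pasted through e-mail.

```python
import re

# type, control (plain word or [bracketed] form), module path, optional arguments
RULE = re.compile(r"-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)")

# Constructed sample: the sshd stack from the message, with use_authtok wrapped.
SAMPLE_SSHD = """\
#%PAM-1.0
auth       required     /lib/security/pam_pwdb.so shadow nodelay
auth       required     /lib/security/pam_nologin.so
auth       required     /lib/security/pam_vsd.so priv=telnet   #this line changed
account    required     /lib/security/pam_pwdb.so
password   required     /lib/security/pam_cracklib.so
password   required     /lib/security/pam_pwdb.so shadow nullok
use_authtok
session    required     /lib/security/pam_pwdb.so
session    required     /lib/security/pam_limits.so
"""

def parse_pam(text):
    """Return (rules, malformed): rules are (type, control, module, args) tuples."""
    rules, malformed = [], []
    text = text.replace("\\\n", " ")            # backslash-newline continues a rule
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # '#' starts a comment to end of line
        if not line:
            continue
        m = RULE.fullmatch(line)
        if m is None:
            malformed.append(line)              # e.g. an argument wrapped onto its own line
            continue
        rules.append((m.group(1), m.group(2), m.group(3), m.group(4).split()))
    return rules, malformed

def vsd_gate(text):
    """Summarise the pam_vsd.so privilege check in one service's auth stack."""
    rules, malformed = parse_pam(text)
    privs, review = [], []
    for rtype, control, module, args in rules:
        if rtype == "auth" and module.endswith("pam_vsd.so"):
            privs += [a.split("=", 1)[1] for a in args if a.startswith("priv=")]
            if control not in ("required", "requisite"):
                review.append(control)          # gate may not be enforced; check by hand
    return {"privs": privs, "review_controls": review, "malformed": malformed}

if __name__ == "__main__":
    print(vsd_gate(SAMPLE_SSHD))
```

An empty "privs" list means the service has no pam_vsd.so line in its auth stack, so neither the login nor the telnet priv is being checked for it.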