On Wed, 2003-09-10 at 09:38, Carl Cerecke wrote: > Is there a way that I can restrict logins of these two usernames to the > display manager only (gdm for RH9)? Or, perhaps, not allow ssh logins > unless from localhost? (I hope I haven't got telnetd running). I'm only > on dial-up, and the IP changes with each connection, but it is not > terribly difficult to get in if you know how.
Off the top of my head, how about looking at PAM? That should be able to restrict the account to being used only by login/gdm ... Instead of "restricting ssh", restrict everything and "enable login", so that you don't have to worry about ftp, etc ... -jim
