Re: [plug] deny ssh access to local users

[Jon C. Viardo]

Changing your users' shell to /sbin/nologin will deny them from 
accessing your shell. While AllowUsers and AllowGroups directives of 
your sshd_config file will limit the users that can access your box 
remotely using ssh only to those listed.

HTH
Jon

seekuel wrote:
Thanks for the informative response.

if ill change the shell to /sbin/nologin will it deny ftp users access 
to the system? well I'm using tcp wrappers in relation to ssh but I 
need more security :D.

I need to deny shell access to ftp users because I was not able to do 
a virtual account on my ftp users :(, therefore they are having a 
system account and can get a shell if they login via ssh. I'm using 
vsftpd.

Any suggestions?

I'll check the AllowUsers and AllowGroups directives :)

--
sandeil

On 11/23/06, *Federico Sevilla III* < [EMAIL PROTECTED] 
<mailto:[EMAIL PROTECTED]>> wrote:

    On Thu, Nov 23, 2006 at 02:55:14PM +0800, seekuel wrote:
    > Is there a way to deny selected system users from accessing ssh
    remotely?

    Yes, check out the AllowUsers and AllowGroups directives.
    sshd_config(5)
    is your friend.

    --> Jijo

    --
    Federico Vicente C. Sevilla III
    Information Technology Consultant
    Website: http://jijo.free.net.ph
    _________________________________________________
    Philippine Linux Users' Group (PLUG) Mailing List
    plug@lists.linux.org.ph <mailto:plug@lists.linux.org.ph> (#PLUG @
    irc.free.net.ph <http://irc.free.net.ph>)
    Read the Guidelines: http://linux.org.ph/lists
    Searchable Archives: http://archives.free.net.ph




--
Respectfully yours,


Sandeil C. Tenebro, E.C.E.
Linux Registered User #384410
------------------------------------------------------------------------

_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
plug@lists.linux.org.ph (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph
------------------------------------------------------------------------

No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.409 / Virus Database: 268.14.14/548 - Release Date: 11/23/2006

  


--

Regards,

Jon C. Viardo, Jr.
MIS Manager
Tone Guide Press, Inc.
11 Tirad Pass St., Caloocan City
Philippines, 1400
Tel     : +632-3646071 to 76
Fax     : +632-364-7529
Email   : [EMAIL PROTECTED]


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
plug@lists.linux.org.ph (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph