vu pham wrote:
Jason Edgecombe wrote:
[...]
what about using the "AllowUser u...@host" option in
/etc/ssh/sshd_config?
If you use ssh keys or kerberos ticket forwarding, then I think that PAM
is bypassed entirely depending on your sshd config. check the "UsePAM"
sshd option.
Thanks, Jason. You are right. Currently I have to use ssh keys for
root in order to be able to test the pam.d/sshd in case I do
something wrong and lose access to the server.
I also tried AllowUsers in sshd_config. I can limit u...@host2, u...@host3
but how do I specify other people have no limit ?
When I have
AllowUsers u...@host2 u...@host3
then I can limit u2 and u3 to login only from u2 and i3,
correspondingly but no other users can login.
When I have
AllowUsers u...@host2 u...@host3 *
then u2 and u3 can login just fine from anywhere.
man/listinfo/rhelv5-list
What about an "AllowUsers user" line for each normal user and the
"AllowUsers u...@host" lines for the two restricted users?
Jason
_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
