Jason Edgecombe wrote:
vu pham wrote:
Jason Edgecombe wrote:
[...]
What about using the "AllowUser u...@host" option in
/etc/ssh/sshd_config?
If you use ssh keys or Kerberos ticket forwarding, then I think that PAM
is bypassed entirely depending on your sshd config. Check the "UsePAM"
sshd option.
Thanks, Jason. You are right. Currently I have to use ssh keys for
root in order to be able to test the pam.d/sshd in case I do
something wrong and lose access to the server.
I also tried AllowUsers in sshd_config. I can limit u...@host2, u...@host3
but how do I specify that other people have no limit?
When I have
AllowUsers u...@host2 u...@host3
then I can limit u2 and u3 to log in only from u2 and i3,
correspondingly, but no other users can log in.
When I have
AllowUsers u...@host2 u...@host3 *
then u2 and u3 can log in just fine from anywhere.
What about an "AllowUsers user" line for each normal user and the
"AllowUsers u...@host" lines for the two restricted users?
That's absolutely possible, but I am looking for a way that I only have
to update the config file when there is an "unusual user", such as "u4
only from host4". Otherwise I have to update the config file whenever
the system has a new normal user, who can log in from anywhere.
I have about 100 "usual" users in the system so I feel lazy to add all
of them into that AllowUsers :)
Anyway, thanks for telling me about AllowUsers.
Vu
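
The per-user AllowUsers lines discussed in this thread can be generated from the account list instead of maintained by hand. The following is an added example, not code from the thread or from OpenSSH; the UID cutoff of 500, the set of no-login shells, the sample accounts and the function names are assumptions made for illustration.

```python
# Added example: generate one AllowUsers line per account from passwd data.
# Assumptions (not from the thread): regular accounts have UID >= 500 and a
# usable login shell; the sample accounts and the restricted map are constructed.

NOLOGIN_SHELLS = {"/sbin/nologin", "/bin/false"}

# Constructed sample in /etc/passwd format.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
alice:x:500:500::/home/alice:/bin/bash
u2:x:501:501::/home/u2:/bin/bash
u3:x:502:502::/home/u3:/bin/bash
svc:x:503:503::/home/svc:/sbin/nologin
bob:x:504:504::/home/bob:/bin/bash
"""

def login_users(passwd_text, uid_min=500):
    """Names of accounts with UID >= uid_min and a usable login shell."""
    users = []
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # skip blank, comment and malformed lines
        name, uid, shell = fields[0], int(fields[2]), fields[6]
        if uid >= uid_min and shell not in NOLOGIN_SHELLS:
            users.append(name)
    return users

def allow_users_lines(passwd_text, restricted, extra=()):
    """Build the AllowUsers lines; restricted users get user@host entries only.

    No bare "*" entry is emitted, because it would also match the
    restricted users from every host.
    """
    names = set(login_users(passwd_text)) | set(extra) | set(restricted)
    lines = []
    for name in sorted(names):
        if name in restricted:
            # An empty host list yields no line, so that user stays locked out.
            lines += ["AllowUsers %s@%s" % (name, h) for h in restricted[name]]
        else:
            lines.append("AllowUsers " + name)
    return lines

if __name__ == "__main__":
    # root is below uid_min here, so it is passed in explicitly.
    exceptions = {"u2": ["host2"], "u3": ["host3"]}
    print("\n".join(allow_users_lines(SAMPLE_PASSWD, exceptions, extra=["root"])))
```

Check the resulting sshd_config with `sshd -t` before reloading the daemon, so a malformed line does not lock out remote access.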