Re: Can an Account be Locked out for ssh but allow su?
Personally I prefer AllowUsers, as that denies all users except those specifically allowed. Deny/AllowGroups are useful too. 2008/10/8 Martin McCormick <[EMAIL PROTECTED]> > Henrik Hudson writes: > > Check the sshd_config man page for AllowUsers and DenyUsers directives. > > Many thanks. DenyUsers did the trick. > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > [EMAIL PROTECTED]" > ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Can an Account be Locked out for ssh but allow su?
Henrik Hudson writes: > Check the sshd_config man page for AllowUsers and DenyUsers directives. Many thanks. DenyUsers did the trick. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Can an Account be Locked out for ssh but allow su?
On Wednesday 08 October 2008, Martin McCormick <[EMAIL PROTECTED]> sent a missive stating: > Is there a way to configure an account such that one can > su - this-account from another login on the system, but not ssh > directly in to it from the outside, similar to the way root > works if you set the terminal type in /etc/ttys to insecure? Check the sshd_config man page for AllowUsers and DenyUsers directives. THis should do what you want. Henrik -- Henrik Hudson [EMAIL PROTECTED] -- "God, root, what is difference?" Pitr; UF (http://www.userfriendly.org/) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Can an Account be Locked out for ssh but allow su?
Is there a way to configure an account such that one can su - this-account from another login on the system, but not ssh directly in to it from the outside, similar to the way root works if you set the terminal type in /etc/ttys to insecure? The idea is to make a common place for group projects but know who logged in and su'd in to this common space. We don't care if they logged in as themselves via ssh but we do care if they log in as this common user because we then don't know who accidentally deleted all the files or whatever accident one can imagine. Martin McCormick WB5AGZ Stillwater, OK Systems Engineer OSU Information Technology Department Telecommunications Services Group ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"