Date: Wed, 06 Oct 1999 20:43:51 +0000 From: Joseph Scott <joseph.scott@owp.csus.edu> To: Mike Tancsa <mike@sentex.net> Cc: questions@FreeBSD.ORG Subject: Re: login.access and sshd Message-ID: <37FBB487.6AC8B32F@owp.csus.edu> References: <3.0.5.32.19991006131601.019cca20@staff.sentex.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
Mike Tancsa wrote: > > Is there any way to get sshd honour login.access ? Or at least control who > is and is not allowed to login on a per user or group basis ? From man sshd, under the CONFIGURATION FILE section : AllowGroups This keyword can be followed by any number of group name patterns, separated by spaces. If specified, login is allowed only if users primary group name matches one of the patterns. '*' and '?' can be used as wildcards in the patterns. By default, logins as all users are allowed. Note that the all other login authentication steps must still be sucessfully completed. AllowGroups and DenyGroups are additional restrictions. .... AllowUsers This keyword can be followed by any number of user name patterns or user@host patterns, separated by spaces. Host name may be either the dns name or the ip address. If specified, login is allowed only as users whose name matches one of the patterns. '*' and '?' can be used as wildcards in the patterns. By default, logins as all users are allowed. Note that the all other login authentication steps must still be sucessfully completed. AllowUsers and DenyUsers are additional restrictions. This should do what you are asking, however I could see having sshd respect login.access make sense, that way you only have configure access control in place. -- Joseph Scott joseph.scott@owp.csus.edu Office Of Water Programs - CSU Sacramento To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?37FBB487.6AC8B32F>