From owner-freebsd-security Wed Mar 28 21:20:47 2001
Date: Thu, 29 Mar 2001 00:20:30 -0500
From: Andrew J Caines
To: security@FreeBSD.ORG
Subject: Re: account control to ssh
Message-ID: <20010329002030.H474@hal9000.bsdonline.org>
In-Reply-To: ; from George.Giles@mcmail.vanderbilt.edu on Wed, Mar 28, 2001 at 09:52:06AM -0600
Organization: H.A.L. Plant

George,

> How would I restrict incoming ssh connections on a per user basis ?

While others have mentioned other more general config parameters to
restrict access in a broader fashion, this is one of the two basic
functions of SSH - strong authentication, the other being encryption.

If you only allow key authentication by setting "PasswordAuthentication no"
in /etc/ssh/sshd_config, then only the users you explicitly authorise by
putting their public key in their account's authorized_keys or
authorized_keys2 file can log in to the system.

-Andrew-
-- 
| -Andrew J. Caines-   Unix Systems Engineer   A.J.Caines@altavista.net |
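
An added example, not part of the original message: a small audit of the setup described above, reporting whether sshd still accepts passwords and which accounts hold keys. It assumes the key files sit in each account's ~/.ssh directory (AuthorizedKeysFile left at its default); the function names are hypothetical.

```python
import os
import pwd

# File names taken from the message; the ~/.ssh location is an assumption.
KEY_FILES = ("authorized_keys", "authorized_keys2")

def effective_option(config_text, keyword, default):
    """Return the global value sshd would use for a keyword.

    sshd keeps the first value it obtains for each keyword. This sketch stops
    at the first Match block and does not follow Include files.
    """
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.replace("=", " ", 1).split()
        if not fields:
            continue
        if fields[0].lower() == "match":
            break
        if fields[0].lower() == keyword.lower() and len(fields) > 1:
            return fields[1].lower()
    return default

def count_keys(home):
    """Count non-blank, non-comment entries in the account's key files."""
    total = 0
    for name in KEY_FILES:
        try:
            with open(os.path.join(home, ".ssh", name), errors="replace") as fh:
                total += sum(1 for entry in fh
                             if entry.strip() and not entry.lstrip().startswith("#"))
        except OSError:
            continue  # no such file, or unreadable without root
    return total

def audit(config_text, homes):
    """homes maps user name -> home directory."""
    value = effective_option(config_text, "PasswordAuthentication", "yes")
    keyed = {user: n for user, home in homes.items() if (n := count_keys(home))}
    return {"password_logins": value != "no", "key_users": keyed}

if __name__ == "__main__":
    with open("/etc/ssh/sshd_config") as fh:
        report = audit(fh.read(), {p.pw_name: p.pw_dir for p in pwd.getpwall()})
    print("password logins allowed:", report["password_logins"])
    for user, n in sorted(report["key_users"].items()):
        print(f"{user}: {n} key(s)")
```

ChallengeResponseAuthentication (KbdInteractiveAuthentication in newer OpenSSH) is a separate setting and can be checked with the same effective_option() call.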