From owner-freebsd-questions@FreeBSD.ORG Mon Apr 19 19:33:06 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1400216A4CE for ; Mon, 19 Apr 2004 19:33:06 -0700 (PDT) Received: from charade.trit.org (charade.trit.org [65.19.139.44]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0654D43D5F for ; Mon, 19 Apr 2004 19:33:06 -0700 (PDT) (envelope-from andy@charade.trit.org) Received: by charade.trit.org (Postfix, from userid 1004) id C27DDB8; Tue, 20 Apr 2004 02:33:05 +0000 (UTC) Date: Tue, 20 Apr 2004 02:33:05 +0000 From: Andy Miller To: Robert Storey Message-ID: <20040420023305.GA19605@charade.trit.org> References: <20040420102506.120a0298.y2kbug@ms25.hinet.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="2fHTh5uZTiUOsy+g" Content-Disposition: inline In-Reply-To: <20040420102506.120a0298.y2kbug@ms25.hinet.net> User-Agent: Mutt/1.4.2.1i X-OS: FreeBSD 5.2-CURRENT X-Advocacy: Use FreeBSD. X-PGP-Key: 8982ACB9 X-PGP-Fingerprint: 70CC 757F 49BB 0ED4 925C 5BA3 EC6C BF9B 8982 ACB9 cc: freebsd-questions@freebsd.org Subject: Re: restricting ssh to authorized users X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Apr 2004 02:33:06 -0000 --2fHTh5uZTiUOsy+g Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Apr 20, 2004 at 10:25:06AM +0800, Robert Storey wrote: > I've been wondering what is the best way to prevent certain users from > being able to login with ssh, even though I want to allow them ftp access? >=20 > The opposite is easy to accomplish - if I put somebody's name in file > /etc/ftpusers, that person cannot login with ftp, but they could still > login with ssh. But I don't see a file /etc/sshusers, and I'm wondering if > there is some equivalent. If you don't want someone to be able to login, you can change their login shell to /sbin/nologin. -- Andy Miller --2fHTh5uZTiUOsy+g Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAhIvf7Gy/m4mCrLkRAraMAJ44YycPwnsdM2MwoTi+F1Q93XE01QCeJYcL FPS5iVQDAw0xvip3wB2ujJo= =+J5H -----END PGP SIGNATURE----- --2fHTh5uZTiUOsy+g--