From owner-freebsd-questions@FreeBSD.ORG Mon Apr 19 23:27:08 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E36C316A4CE for ; Mon, 19 Apr 2004 23:27:08 -0700 (PDT) Received: from msr16.hinet.net (msr16.hinet.net [168.95.4.116]) by mx1.FreeBSD.org (Postfix) with ESMTP id 381EB43D46 for ; Mon, 19 Apr 2004 23:27:06 -0700 (PDT) (envelope-from y2kbug@ms25.hinet.net) Received: from sonic (61-227-219-209.dynamic.hinet.net [61.227.219.209]) by msr16.hinet.net (8.9.3/8.9.3) with SMTP id OAA07838 for ; Tue, 20 Apr 2004 14:27:01 +0800 (CST) Date: Tue, 20 Apr 2004 14:10:05 +0800 From: Robert Storey To: freebsd-questions@freebsd.org Message-Id: <20040420141005.5a3241de.y2kbug@ms25.hinet.net> In-Reply-To: <20040420023305.GA19605@charade.trit.org> References: <20040420102506.120a0298.y2kbug@ms25.hinet.net> <20040420023305.GA19605@charade.trit.org> X-Mailer: Sylpheed version 0.8.11 (GTK+ 1.2.10; i386-debian-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: restricting ssh to authorized users X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: y2kbug@ms25.hinet.net List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Apr 2004 06:27:09 -0000 Thanks Andy, that was easy. Wish all the solutions to my sysadmin questions were so simple. best regards, Robert On Tue, 20 Apr 2004 02:33:05 +0000 Andy Miller wrote: > On Tue, Apr 20, 2004 at 10:25:06AM +0800, Robert Storey wrote: > > I've been wondering what is the best way to prevent certain users from > > being able to login with ssh, even though I want to allow them ftp > > access? > > > > The opposite is easy to accomplish - if I put somebody's name in file > > /etc/ftpusers, that person cannot login with ftp, but they could still > > login with ssh. But I don't see a file /etc/sshusers, and I'm > > wondering if there is some equivalent. > > If you don't want someone to be able to login, you can change their > login shell to /sbin/nologin.