From owner-freebsd-questions@FreeBSD.ORG Wed Nov 8 00:22:19 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2059D16A728 for ; Wed, 8 Nov 2006 00:22:19 +0000 (UTC) (envelope-from kdgrills@the-grills.com) Received: from sccrmhc11.comcast.net (sccrmhc11.comcast.net [63.240.77.81]) by mx1.FreeBSD.org (Postfix) with ESMTP id AEA4843D4C for ; Wed, 8 Nov 2006 00:22:18 +0000 (GMT) (envelope-from kdgrills@the-grills.com) Received: from srv1.the-grills.com (failure[71.57.60.59]) by comcast.net (sccrmhc11) with SMTP id <2006110800221701100cjcv1e>; Wed, 8 Nov 2006 00:22:17 +0000 Received: (qmail 46689 invoked by uid 1001); 8 Nov 2006 00:22:06 -0000 Date: Tue, 7 Nov 2006 18:22:06 -0600 From: "Kelly D. Grills" To: freebsd-questions@freebsd.org Message-ID: <20061108002159.GA3886@the-grills.com> Mail-Followup-To: freebsd-questions@freebsd.org References: <000301c702ae$da839510$0200a8c0@satellite> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="3MwIy2ne0vdjdPXF" Content-Disposition: inline In-Reply-To: <000301c702ae$da839510$0200a8c0@satellite> X-Operating-System: FreeBSD/6.0-RELEASE-p12 (i386) X-PGP-Key: mailto:kdgrills-pgpkey@the-grills.com User-Agent: Mutt/1.5.13 (2006-08-11) Subject: Re: denying a user access from the internet X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Nov 2006 00:22:19 -0000 --3MwIy2ne0vdjdPXF Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Nov 07, 2006 at 03:54:00PM -0500, Dave wrote: >=20 > Hello, > I've got a FreeBSD box that i have a user on who needs special console= =20 > access. I've given him access to what is required, but i do not want him = to=20 > be able to log in from the internet via ssh, telnet, or even a serial=20 > terminal if possible. Basically if this user isn't right in front of the= =20 > box i don't want him accessing it. Is it possible to lock a user out to= =20 > this extent, i know with ssh i can do an AllowGroup option and not put hi= m=20 > in the group that would work? > Thanks. > Dave. I've never personally used it, but /etc/login.access looks to be what you're looking for. The man page is login.access(5). --=20 Kelly D. Grills kdgrills@the-grills.com --3MwIy2ne0vdjdPXF Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) Comment: PGP key: mailto:kdgrills-pgpkey@the-grills.com iD8DBQFFUSMn7inS5LzF7HMRAhVxAJ45pJRH38HqvxEWI0apLND9LlRAxACfat5P lOs4i1gJHi2cG5H8WEByKQM= =a/5m -----END PGP SIGNATURE----- --3MwIy2ne0vdjdPXF--