Date: Thu, 13 Jan 2000 20:45:20 -0500 (EST) From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com> To: ncb@zip.com.au (Nicholas Brawn) Cc: freebsd-security@FreeBSD.ORG Subject: Re: Disallow remote login by regular user. Message-ID: <200001140145.UAA15101@cc942873-a.ewndsr1.nj.home.com> In-Reply-To: <Pine.LNX.4.10.10001141203280.3124-100000@zipperii.zip.com.au> from Nicholas Brawn at "Jan 14, 2000 12:06:36 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Nicholas Brawn wrote, > Hi folks. I'm trying to ocnfigure my system so that I can disallow a > particular user account from being able to login remotely, and forcing > users to su to the account instead. How may I configure this? > > PS. Users may be using anything from telnet to ssh to login to the system, > so I need something that works across the board. For anything that is going to call login(1), you can use /etc/login.access(5). That pretty much eliminates stuff like telnet, rlogin, and console logins. For SSH, look at the 'AllowUsers' and 'DenyUsers' keywords for the sshd_conf file on the sshd(8) manpage. And of course, if ftp(1) is an issue, there is /etc/ftpusers as described in ftpd(8). None of these options, however, should mess with su(1). -- Crist J. Clark cjclark@home.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200001140145.UAA15101>