From owner-freebsd-security Thu Jan 13 17:46:22 2000 Delivered-To: freebsd-security@freebsd.org Received: from icg.interactivate.com (icg.interactivate.com [207.110.42.216]) by hub.freebsd.org (Postfix) with ESMTP id 7924114E9A for ; Thu, 13 Jan 2000 17:46:20 -0800 (PST) (envelope-from larry@interactivate.com) Received: from cx47987-c (cx47987-c.escnd1.sdca.home.com [24.0.175.251]) by icg.interactivate.com (8.9.3/8.9.3) with ESMTP id RAA21281; Thu, 13 Jan 2000 17:49:14 -0800 (PST) Message-Id: <4.2.2.20000113173750.00bd29a0@mail.interactivate.com> X-Sender: larry@mail.interactivate.com (Unverified) X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 Date: Thu, 13 Jan 2000 17:41:11 -0800 To: Nicholas Brawn , freebsd-security@FreeBSD.ORG From: Lawrence Sica Subject: Re: Disallow remote login by regular user. In-Reply-To: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 12:06 PM 1/14/00 +1100, Nicholas Brawn wrote: >Hi folks. I'm trying to ocnfigure my system so that I can disallow a >particular user account from being able to login remotely, and forcing >users to su to the account instead. How may I configure this? > >PS. Users may be using anything from telnet to ssh to login to the system, >so I need something that works across the board. across the board i'm not sure but i think you could modify the sshd_config file to deny the user remote login and telnet uses login so you could setup a /etc/login.access file to deny access. I haven't had to set this up so I'm thinking where i would start. do a man on login.access for howto set that up. It will allow you to give access to user by their tty. Check the respective man pages for exact particulars. HTH --Larry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message