Date: Mon, 17 Jan 2000 19:56:42 -0600 From: "Matthew D. Fuller" <fullermd@futuresouth.com> To: Nathan Dorfman <nathan@rtfm.net> Cc: cjclark@home.com, Nicholas Brawn <ncb@zip.com.au>, freebsd-security@FreeBSD.ORG Subject: Re: Disallow remote login by regular user. Message-ID: <20000117195642.B23821@futuresouth.com> In-Reply-To: <20000114133222.A18079@rtfm.net> References: <Pine.LNX.4.10.10001141203280.3124-100000@zipperii.zip.com.au> <200001140145.UAA15101@cc942873-a.ewndsr1.nj.home.com> <20000114133222.A18079@rtfm.net>
next in thread | previous in thread | raw e-mail | index | archive | help
[ Sorry, little bit late... ] On Fri, Jan 14, 2000 at 01:32:22PM -0500, a little birdie told me that Nathan Dorfman remarked > On Thu, Jan 13, 2000 at 08:45:20PM -0500, Crist J. Clark wrote: > > > > For anything that is going to call login(1), you can use > > /etc/login.access(5). That pretty much eliminates stuff like telnet, > > rlogin, and console logins. For SSH, look at the 'AllowUsers' and > > 'DenyUsers' keywords for the sshd_conf file on the sshd(8) > > manpage. And of course, if ftp(1) is an issue, there is /etc/ftpusers > > as described in ftpd(8). > > You can make sshd use login(1). Set UseLogin to yes in sshd_config. This > is (at least sounds like) a good idea just so that login.access(5) and > login.conf(5) have their effect. Except (at least login.access) they don't. Try it. Never worked for me. -- Matthew Fuller (MF4839) | fullermd@over-yonder.net Unix Systems Administrator | fullermd@futuresouth.com Specializing in FreeBSD | http://www.over-yonder.net/ "The only reason I'm burning my candle at both ends, is because I haven't figured out how to light the middle yet" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000117195642.B23821>