Date: Mon, 08 Aug 2005 00:32:37 +0200 From: Benjamin Lutz <benlutz@datacomm.ch> To: questions@freebsd.org Subject: Re: telnet/sshd limited by user? Message-ID: <42F68C05.1000404@datacomm.ch> In-Reply-To: <20050806221350.C2146@fw.skeleton.org> References: <20050806221350.C2146@fw.skeleton.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigA78DBAA9C80E3EA355F40DD9 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit > > Is it possible to set things so that 'telnet' is allowed only to one > specific user, while everyone else needs sshd? ie: Obviously, nologin > can be used as a shell to not permit any logins (but makes 'su' break > too), but I'd like to allow telnet for one specific user only and keep > everyone else on sshd. Yes, by playing with PAM. You can change telnetd's PAM configuration (/etc/pam.d/telnetd) to include a group check: auth requisite pam_group.so no_warn group=telnetusers Then create a group "telnetusers", and make your telnet user a member of it. Haven't tested it myself, hope it works. Cheers Benjamin --------------enigA78DBAA9C80E3EA355F40DD9 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (Darwin) iD8DBQFC9owFgShs4qbRdeQRApapAJwNbWG8vH2Q2oUZ0L1CGLI2O4XesACfarjy NhuHJb2DJpmILuMHIsSj7Iw= =C4JQ -----END PGP SIGNATURE----- --------------enigA78DBAA9C80E3EA355F40DD9--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?42F68C05.1000404>