https://community.hpe.com/t5/operating-system-hp-ux/deney-access-to-specific-users-with-ssh/m-p/3138097#M154607 passwd -l username<BR /><BR />or<BR /><BR />/var/adm/inetd.sec<BR /><BR />You should be able to block by username there.<BR /><BR />SEP Sun, 07 Dec 2003 23:41:49 GMT Steven E. Protter 2003-12-07T23:41:49Z https://community.hpe.com/t5/operating-system-hp-ux/deney-access-to-specific-users-with-ssh/m-p/3138096#M154606 We are trying to lock down our system and with that, we have started using ssh.<BR /><BR />How do we disable ssh login for specific users... Sun, 07 Dec 2003 23:10:55 GMT https://community.hpe.com/t5/operating-system-hp-ux/deney-access-to-specific-users-with-ssh/m-p/3138096#M154606 Ratzie 2003-12-07T23:10:55Z https://community.hpe.com/t5/operating-system-hp-ux/deney-access-to-specific-users-with-ssh/m-p/3138097#M154607 passwd -l username<BR /><BR />or<BR /><BR />/var/adm/inetd.sec<BR /><BR />You should be able to block by username there.<BR /><BR />SEP Sun, 07 Dec 2003 23:41:49 GMT https://community.hpe.com/t5/operating-system-hp-ux/deney-access-to-specific-users-with-ssh/m-p/3138097#M154607 Steven E. Protter 2003-12-07T23:41:49Z https://community.hpe.com/t5/operating-system-hp-ux/deney-access-to-specific-users-with-ssh/m-p/3138098#M154608 Hi,<BR /><BR />inetd.sec allows you to deny access to the hostname/s or ip address/es of the workstations. <BR /><BR /># ssh deny/allow [ip or range of ip]<BR /># ssh deny/allow [hostname/s]<BR /><BR />In fact, I would also like to know how to disable certain services to specific user.<BR /><BR />regards. Mon, 08 Dec 2003 00:05:06 GMT https://community.hpe.com/t5/operating-system-hp-ux/deney-access-to-specific-users-with-ssh/m-p/3138098#M154608 Joseph Loo 2003-12-08T00:05:06Z https://community.hpe.com/t5/operating-system-hp-ux/deney-access-to-specific-users-with-ssh/m-p/3138099#M154609 I found the answer.<BR />In sshd_config<BR /><BR />DenyUsers <USER name=""> <USER name=""><BR /><BR /></USER></USER> Mon, 08 Dec 2003 12:23:14 GMT https://community.hpe.com/t5/operating-system-hp-ux/deney-access-to-specific-users-with-ssh/m-p/3138099#M154609 Ratzie 2003-12-08T12:23:14Z https://community.hpe.com/t5/operating-system-hp-ux/deney-access-to-specific-users-with-ssh/m-p/3138100#M154610 Another effective way is to use /etc/hosts.allow... and /etc/hosts.deny...<BR /><BR />You can configure it to only allow ranges and only certain IPs...<BR /><BR />here is a great link to it.<BR /><BR /><BR /><A href="http://ezine.daemonnews.org/200206/hosts_allow.html" target="_blank">http://ezine.daemonnews.org/200206/hosts_allow.html</A><BR /><BR /><BR />Shows full syntax and application.<BR /><BR /><BR />Be sure to put any "deny" statements ahead of an "allow all" statements... in the /etc/hosts.allow file...<BR /><BR />sshd : all : banners=/usr/localcw/opt/sysguard/banners : allow <BR /><BR />In deny file, deny all:all. Use the hosts.allow to manage services as I have in my example.<BR /><BR /><BR /># cat /etc/hosts.allow<BR />#all : all : banners=/usr/localcw/opt/sysguard/banners : allow<BR />ftpd : all : banners=/usr/localcw/opt/sysguard/banners : allow<BR />telnetd : all : banners=/usr/localcw/opt/sysguard/banners : allow<BR />tftpd : all : banners=/usr/localcw/opt/sysguard/banners : allow<BR />logind : all : banners=/usr/localcw/opt/sysguard/banners : allow<BR />rlogind : all : banners=/usr/localcw/opt/sysguard/banners : allow<BR />remshd: all : banners=/usr/localcw/opt/sysguard/banners : allow<BR />sidftpd : all : banners=/usr/localcw/opt/sysguard/banners : allow<BR />rexecd : all : banners=/usr/localcw/opt/sysguard/banners : allow<BR />sshd : all : banners=/usr/localcw/opt/sysguard/banners : allow <BR /><BR /> Mon, 08 Dec 2003 13:20:52 GMT https://community.hpe.com/t5/operating-system-hp-ux/deney-access-to-specific-users-with-ssh/m-p/3138100#M154610 Todd McDaniel_1 2003-12-08T13:20:52Z