topic Re: DenyUsers in sshd_config in Operating System - HP-UX

DenyUsers in sshd_config

dev44 — Wed, 17 Jun 2009 10:57:01 GMT

Hi,

WE have over 300 users that we don't want direct login to thru ssh. I an add all 300 to the DenyUsers but I was wondering if anyone knew if DenyUsers could be pointed to a file that lists them. From what i see, you can't...but figured I'd check here as you guys sometimes have great ideas.

Thanks

Re: DenyUsers in sshd_config

Autocross.US — Wed, 17 Jun 2009 11:32:31 GMT

I would add all the users to a group and then use the 'DenyGroups' directive to accomplish this task.

Re: DenyUsers in sshd_config

dev44 — Wed, 17 Jun 2009 13:20:16 GMT

But then I have to add 300 users to a new group that has to be created on each server correct?

I can add wildcards in the DenyUsers which will cut the list in half, it would just be handy if it could read a file....but I am pretty sure it won't do that.

Re: DenyUsers in sshd_config

Mel Burslan — Wed, 17 Jun 2009 13:56:17 GMT

Or, if the number of users who are allowed to login via ssh, you can deny everyone than add users allowed by using

AllowUsers weblogic www user1 user5
AllowUsers sysadmin

etc.