topic Re: Disabling users in Operating System - Linux

Disabling users

Vijayakumar S — Mon, 22 Mar 2004 09:01:18 GMT

Hi,

I want to Disable Few Users Logins thru SSH.
I don't want to use any other Tools.

Is there any soln. for this.

Thanks in Advance
Vijay S

Re: Disabling users

Alexander Chuzhoy — Mon, 22 Mar 2004 09:29:53 GMT

add the next line in /etc/pam.d/sshd under the last "auth" statement:
"auth required pam_listfile.so item=user sense=deny file=/etc/pam.allow.sshd onerr=fail"
edit the file /etc/pam.allow.sshd and add all user you want to deny ssh access from.

Re: Disabling users

Vijayakumar S — Tue, 23 Mar 2004 05:27:33 GMT

Hi,

Thanks for the reply. But these files are not there. I think we have to create the pam.allow file etc.

Could you give me the tips in detail.

Is there any other method to disable users
logins. But they have to SU to that account.

Thanks
vijay s

Re: Disabling users

Alexander Chuzhoy — Tue, 23 Mar 2004 06:31:03 GMT

if the files are not there-then you don't have the pam package installed.
It comes with installation cd. Just locate the rpm file and then install it.
rpm -ivh pam-version.rpm

will install the package.

Re: Disabling users

Marcin Golembski_1 — Tue, 23 Mar 2004 06:32:01 GMT

You can use AllowUsers and DenyUsers options in your sshd_config file (usually in /etc/ssh). Check sshd_config(5) man page for details.

Re: Disabling users

Alexander Chuzhoy — Tue, 23 Mar 2004 11:12:24 GMT

I checked Marcin's option and it works like miracle.Not that my advise is bad , but Marcin's solution is much simpler, so I guess he deserves 10 points.

Simply add
AllowUsers username

line to a file /etc/ssh/sshd_config

when username is the username you wish to allow access.
then you have to restart the sshd service
service sshd restart

Re: Disabling users

Stuart Browne — Tue, 23 Mar 2004 18:49:52 GMT

I don't know about simpler. It depends if the allow/deny list is going to be dynamic.

If it is going to change alot, then your (alexander's) will work better, as it doesn't requrie a re-start of the SSH daemon every time a change is made.

It's just a question of ongoing maintenance.

Re: Disabling users

Vijayakumar S — Wed, 24 Mar 2004 05:05:30 GMT

Dear ALL,

Thanks for thouse who send the answers to me.
Yes Marcin Golembski is Right in his Answer.

But when i disable the user it works perfectly fine. But the hole is that he is now telnetting.

So I have to stop Telnet too.

Any Soln.

Thanks
Vijay S

Re: Disabling users

Paul Cross_1 — Wed, 24 Mar 2004 10:39:24 GMT

Are you trying to disable ALL access to the machine for a given user? Do you use NIS or local passwd file? You could remove the user from /etc/passwd or set a /bin/false shell in the /etc/passwd file. If you use NIS, you could use compat mode and explicitly deny the user. depends on what you are trying to do...