HPE Community
Operating System - HP-UX
1826546 Members
4426 Online
109695 Solutions
New Discussion

Re: DenyUsers in sshd_config

 
dev44
Regular Advisor

‎06-17-2009 03:57 AM

‎06-17-2009 03:57 AM

DenyUsers in sshd_config

Hi,

WE have over 300 users that we don't want direct login to thru ssh. I an add all 300 to the DenyUsers but I was wondering if anyone knew if DenyUsers could be pointed to a file that lists them. From what i see, you can't...but figured I'd check here as you guys sometimes have great ideas.

Thanks
whatever
0 Kudos
Reply
3 REPLIES 3
Autocross.US
Trusted Contributor

‎06-17-2009 04:32 AM

‎06-17-2009 04:32 AM

Re: DenyUsers in sshd_config

I would add all the users to a group and then use the 'DenyGroups' directive to accomplish this task.



I drive way too fast to worry about calories.
0 Kudos
Reply
dev44
Regular Advisor

‎06-17-2009 06:20 AM

‎06-17-2009 06:20 AM

Re: DenyUsers in sshd_config

But then I have to add 300 users to a new group that has to be created on each server correct?

I can add wildcards in the DenyUsers which will cut the list in half, it would just be handy if it could read a file....but I am pretty sure it won't do that.
whatever
0 Kudos
Reply
Mel Burslan
Honored Contributor

‎06-17-2009 06:56 AM

‎06-17-2009 06:56 AM

Re: DenyUsers in sshd_config

Or, if the number of users who are allowed to login via ssh, you can deny everyone than add users allowed by using

AllowUsers weblogic www user1 user5
AllowUsers sysadmin

etc.
________________________________
UNIX because I majored in cryptology...
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.