HPE Community
Operating System - Linux
1828658 Members
7018 Online
109983 Solutions
New Discussion

Re: Disabling users

 
Vijayakumar S
Advisor

‎03-22-2004 01:01 AM

‎03-22-2004 01:01 AM

Disabling users

Hi,

I want to Disable Few Users Logins thru SSH.
I don't want to use any other Tools.

Is there any soln. for this.

Thanks in Advance
Vijay S

0 Kudos
Reply
8 REPLIES 8
Alexander Chuzhoy
Honored Contributor

‎03-22-2004 01:29 AM

‎03-22-2004 01:29 AM

Re: Disabling users


add the next line in /etc/pam.d/sshd under the last "auth" statement:
"auth required pam_listfile.so item=user sense=deny file=/etc/pam.allow.sshd onerr=fail"
edit the file /etc/pam.allow.sshd and add all user you want to deny ssh access from.
0 Kudos
Reply
Vijayakumar S
Advisor

‎03-22-2004 09:27 PM

‎03-22-2004 09:27 PM

Re: Disabling users

Hi,

Thanks for the reply. But these files are not there. I think we have to create the pam.allow file etc.

Could you give me the tips in detail.

Is there any other method to disable users
logins. But they have to SU to that account.

Thanks
vijay s
0 Kudos
Reply
Alexander Chuzhoy
Honored Contributor

‎03-22-2004 10:31 PM

‎03-22-2004 10:31 PM

Re: Disabling users

if the files are not there-then you don't have the pam package installed.
It comes with installation cd. Just locate the rpm file and then install it.
rpm -ivh pam-version.rpm

will install the package.
0 Kudos
Reply
Marcin Golembski_1
Honored Contributor

‎03-22-2004 10:32 PM

‎03-22-2004 10:32 PM

Re: Disabling users

You can use AllowUsers and DenyUsers options in your sshd_config file (usually in /etc/ssh). Check sshd_config(5) man page for details.
0 Kudos
Reply
Alexander Chuzhoy
Honored Contributor

‎03-23-2004 03:12 AM

‎03-23-2004 03:12 AM

Re: Disabling users

I checked Marcin's option and it works like miracle.Not that my advise is bad , but Marcin's solution is much simpler, so I guess he deserves 10 points.

Simply add
AllowUsers username

line to a file /etc/ssh/sshd_config

when username is the username you wish to allow access.
then you have to restart the sshd service
service sshd restart
0 Kudos
Reply
Stuart Browne
Honored Contributor

‎03-23-2004 10:49 AM

‎03-23-2004 10:49 AM

Re: Disabling users

I don't know about simpler. It depends if the allow/deny list is going to be dynamic.

If it is going to change alot, then your (alexander's) will work better, as it doesn't requrie a re-start of the SSH daemon every time a change is made.

It's just a question of ongoing maintenance.
One long-haired git at your service...
0 Kudos
Reply
Vijayakumar S
Advisor

‎03-23-2004 09:05 PM

‎03-23-2004 09:05 PM

Re: Disabling users

Dear ALL,

Thanks for thouse who send the answers to me.
Yes Marcin Golembski is Right in his Answer.

But when i disable the user it works perfectly fine. But the hole is that he is now telnetting.

So I have to stop Telnet too.

Any Soln.

Thanks
Vijay S
0 Kudos
Reply
Paul Cross_1
Respected Contributor

‎03-24-2004 02:39 AM

‎03-24-2004 02:39 AM

Re: Disabling users

Are you trying to disable ALL access to the machine for a given user? Do you use NIS or local passwd file? You could remove the user from /etc/passwd or set a /bin/false shell in the /etc/passwd file. If you use NIS, you could use compat mode and explicitly deny the user. depends on what you are trying to do...
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.