How to dynamically restrict SSH access to a given user


The goal here is to create a script to easily manage reservations for a
machine. When a user reserves the machine, they should be the only one able
to access the machine for a given time (except admins of course).

I already found a solution with PAM. This single line in /etc/pam.d/sshd
would have resolved my problem:

auth required item=user sense=allow file=/etc/ssh/sshd.allow onerr=fail

with the user login in /etc/ssh/sshd.allow

But it does not work at all:

$ cat /etc/ssh/sshd.allow
foo
$ tail -f /var/log/auth.log
Dec  1 12:12:05 mini sshd[2697]: Accepted publickey for bar from port 58087 ssh2
Dec  1 12:12:05 mini sshd[2697]: pam_unix(sshd:session): session opened for user bar by (uid=0)

I am running a Debian Squeeze box, I don't know if the behaviour of PAM is
different with this.
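
An added example, not part of the original post: a reservation helper that atomically rewrites the /etc/ssh/sshd.allow file named in the post. It assumes the list is enforced by pam_listfile in the PAM account stack, which sshd runs for every authentication method when "UsePAM yes" is set, whereas a public-key login like the one in the log above does not pass through the auth stack. The function names and the ADMINS variable are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): reservation helper for an SSH allow-list.
# Assumed line in /etc/pam.d/sshd, placed in the account stack so that it also
# gates public-key logins:
#   account required pam_listfile.so item=user sense=allow file=/etc/ssh/sshd.allow onerr=fail

ALLOW_FILE="${ALLOW_FILE:-/etc/ssh/sshd.allow}"  # path taken from the post
ADMINS="${ADMINS:-root}"                         # assumption: space-separated admin logins

# valid_login NAME: accept only conservative login names, so that whitespace,
# newlines or option-like strings never reach the allow file.
valid_login() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# write_list LOGIN...: validate every name, build the list in a temp file in
# the same directory, then rename it so PAM never reads a half-written list.
write_list() {
    for name in "$@"; do
        valid_login "$name" || { echo "invalid login: $name" >&2; return 2; }
    done
    dir=$(dirname "$ALLOW_FILE")
    tmp=$(mktemp "$dir/.sshd.allow.XXXXXX") || return 1
    printf '%s\n' "$@" | sort -u > "$tmp" &&
        chmod 644 "$tmp" && mv -f "$tmp" "$ALLOW_FILE" ||
        { rm -f "$tmp"; return 1; }
}

# reserve LOGIN: only the admins and LOGIN may open new SSH sessions.
reserve() { write_list $ADMINS "${1:-}"; }

# release: end the reservation; only the admins stay on the list.
release() { write_list $ADMINS; }

# is_allowed LOGIN: succeed if LOGIN is an exact line of the allow file.
is_allowed() { grep -qxF -- "$1" "$ALLOW_FILE"; }

# CLI use: reserve.sh reserve LOGIN | reserve.sh release
case "${1:-}" in
    reserve) reserve "${2:-}" ;;
    release) release ;;
esac
```

The list only gates new logins: sessions that are already open when the reservation starts keep running until they are closed.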


Re: How to dynamically restrict SSH access to a given user

On 01/12/2010 19:42, Fabio Brazzo wrote:

iptables can limit the number of connections to a port....

   @~@   Might, Courage, Vision, SINCERITY.
  / v \  Simplicity is Beauty! May the Force and Farce be with you!
/( _ )\ (x86_64 Ubuntu 9.10)  Linux 2.6.36
   ^ ^   21:29:01 up 4 days 4:17 2 users load average: 1.00 1.00 1.00
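No borrowing! No fraud! No compensated dating! No fighting! No robbery! No suicide!
Please consider Comprehensive Social Security Assistance (CSSA):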
