- Posted on
- Markku Sukanen
July 4, 2003, 7:22 pm
Ok, I've known the answer to this in the past, but it has faded from my
head. How to modify some (not all) of the accounts under unix/linux
(RedHat7.2) to accept only SSH/SSH2 logins, and how to make some others
to accept only Telnet, and then, how to make some accounts to take
logins from only some specific IP range?
Re: Making -some- of the account to accept either SSH and/or logins from all or specified IP range.
MS> Ok, I've known the answer to this in the past, but it has faded
MS> from my head. How to modify some (not all) of the accounts under
MS> unix/linux (RedHat7.2) to accept only SSH/SSH2 logins, and how to
MS> make some others to accept only Telnet, and then, how to make some
MS> accounts to take logins from only some specific IP range?
This question is essentially backwards, because accounts are not active
entities that "accept" anything. Any process running as root has the
right to create a process running under any other uid and thus "log" that
uid in. There's no notion of there being a fixed allowed set of entryways
into the system which you can then list conveniently somewhere as being
the ones allowed for a given account.
So, to achieve this end, you have to rely on cooperating secondary effects.
For example, you could configure an OpenSSH server to only allow
public-key authentication, and only certain accounts (AllowUsers), then
use per-account presence/absence of ~/.ssh/authorized_keys and the
from=... key option to control whether and from where you can get in. If
you can then set your Telnet server to *not* allow these accounts to log
in, but allow your other set, then you get the overall effect you want.
You might be able to accomplish that with a combination of PAM and/or
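
Added example, not part of the original reply: a small audit that combines the server-wide settings named above (`AllowUsers`, public-key-only authentication) with each account's `authorized_keys` `from=` options to report where every account can actually log in from over SSH. Account names, addresses and key blobs are constructed; the sketch assumes a single `AllowUsers` line with plain user names and checks only `PasswordAuthentication`.

```python
import re

# Constructed sample of the server-wide policy the reply describes.
SSHD_CONFIG = """\
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers alice bob carol
"""
# Constructed per-account authorized_keys contents; key blobs are placeholders.
AUTHORIZED_KEYS = {
    "alice": 'from="192.0.2.0/24,198.51.100.7" ssh-ed25519 AAAAPLACEHOLDER1 alice@laptop\n',
    "bob": 'command="/usr/bin/uptime",from="10.1.*" ssh-rsa AAAAPLACEHOLDER2 bob@ws\n'
           "# old key\nssh-rsa AAAAPLACEHOLDER3 bob@home\n",
    "dave": "ssh-ed25519 AAAAPLACEHOLDER4 dave@pc\n",  # has a key, not in AllowUsers
}   # carol is in AllowUsers but has no authorized_keys file

OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?(?:,|\s+)')
KEY_TYPE = re.compile(r"ssh-|ecdsa-|sk-")

def key_sources(line):
    """from= patterns of one key line, ["ANY"] if unrestricted, None if not a key."""
    pos, sources = 0, ["ANY"]
    while not KEY_TYPE.match(line, pos):
        m = OPTION.match(line, pos)
        if not m:
            return None               # comment, blank or malformed line
        if m.group(1).lower() == "from" and m.group(2):
            sources = m.group(2).split(",")
        pos = m.end()
    return sources

def effective_access(sshd_config, authorized_keys):
    """Map each account to the sources it can open an SSH session from."""
    cfg = {}
    for raw in sshd_config.splitlines():
        parts = raw.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            cfg.setdefault(parts[0].lower(), parts[1].split())
    if cfg.get("passwordauthentication", ["yes"]) != ["no"]:
        raise ValueError("password logins enabled: keys alone do not gate access")
    access = {}
    for user in sorted(set(cfg.get("allowusers", [])) | set(authorized_keys)):
        found = [key_sources(l) for l in authorized_keys.get(user, "").splitlines()]
        sources = sorted({s for f in found if f for s in f})
        if "allowusers" in cfg and user not in cfg["allowusers"]:
            access[user] = ["DENIED (not in AllowUsers)"]
        else:
            access[user] = sources or ["DENIED (no usable key)"]
    return access
```

In the sample, bob's second key carries no `from=` option, so his account is reachable from any address despite the restricted first key.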