[svlug] Excluding usernames from ssh logins
Scott.Hess at gmail.com
Mon May 17 11:10:45 PDT 2004
On Mon, 17 May 2004 10:58:10 -0700, Scott Hess <scott.hess at gmail.com> wrote:
> On Mon, 17 May 2004 10:49:03 -0700, wwsprague at ucdavis.edu <wwsprague at ucdavis.edu> wrote:
> > Does anyone know how to prevent an arbitrary user from logging in via
> > ssh? I would like something like "NoRootLogin", except able to specify
> > a specific non-root username.
> > Context--secure ftp server with a username "ftp". If you can login via
> > another account on the machine, I assume you can su to "ftp"; otherwise,
> > I don't want you to be able to login to a shell as "ftp".
> You could try just disabling login for "ftp" entirely. That should impact su.
> [To disable login, put a "*" in the password field of /etc/passwd.
> Additionally perhaps put "/bin/false" in the shell field. Or maybe I
> have those backwards.]
Additionally, read the login(1) man page. Looks like /etc/usertty
could be used for this, also.
More information about the svlug