[Watford] SSH Questions

Alain Williams addw at phcomp.co.uk
Wed Sep 17 06:41:30 UTC 2008


On Tue, Sep 16, 2008 at 09:54:04PM +0100, Magnus Kelly wrote:

> Then is it not possible to control which account the ssh key opens and
> then force the user to su post login to a password protected account
> that does not allow direct login - hence without the key you can't try
> and login to the correct account that has the rights to perform the
> legit remote process.

You could look at PAM. Put something appropriate into /etc/pam.d/sshd
to limit what accounts someone can ssh in to. The user would then
have to 'su' to get further.

In /etc/ssh/sshd_config you can also control which accounts can be logged in to.

PAM is prob more flexible ATM, although there is some work to make sshd
do some of this itself.

-- 
Alain Williams
Linux Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256  http://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: http://www.phcomp.co.uk/contact.php
Chairman of UKUUG: http://www.ukuug.org/
#include <std_disclaimer.h>
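
Added example, not part of the original message: one way to express both suggestions above, restricting direct SSH login to a single key-only landing account so that the privileged account is reachable only through `su`. The account names `relay` and `svcops` and the list file `/etc/ssh/sshd.allow` are assumptions made for illustration.

```conf
# Added illustration. "relay" (landing account), "svcops" (privileged
# account) and /etc/ssh/sshd.allow are hypothetical names.

# --- /etc/ssh/sshd_config ---
# Only the low-privilege landing account may open an SSH session.
AllowUsers relay
PermitRootLogin no

# Key-only login: no password or keyboard-interactive prompts over SSH.
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no

# Required so that the PAM account stack below is consulted at all.
UsePAM yes

# --- /etc/pam.d/sshd ---
# The rule sits in the "account" stack on purpose: sshd does not run the
# PAM "auth" stack for public-key logins, so an auth-only rule would never
# be evaluated for a key holder. onerr=fail denies access if the list file
# is missing or unreadable.
account  required  pam_listfile.so item=user sense=allow file=/etc/ssh/sshd.allow onerr=fail

# --- /etc/ssh/sshd.allow (root-owned, not world-writable) ---
# One account name per line. "svcops" is deliberately absent from this file
# and from AllowUsers, so it can only be reached with "su - svcops" after
# logging in as relay, using the svcops password.
relay
```

Check the result with `sshd -t` before reloading the daemon, and keep an existing session open until a fresh login as the landing account has been confirmed.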
