telnet/sshd limited by user?
skeezix at skeleton.org
Sun Aug 7 23:44:01 GMT 2005
On Mon, 8 Aug 2005, Benjamin Lutz wrote:
# > Is it possible to set things so that 'telnet' is allowed only to one
# > specific user, while everyone else needs sshd? ie: Obviously, nologin
# > can be used as a shell to not permit any logins (but makes 'su' break
# > too), but I'd like to allow telnet for one specific user only and keep
# > everyone else on sshd.
# Yes, by playing with PAM. You can change telnetd's PAM configuration
# (/etc/pam.d/telnetd) to include a group check:
# auth requisite pam_group.so no_warn group=telnetusers
# Then create a group "telnetusers", and make your telnet user a member of it.
# Haven't tested it myself, hope it works.
Ah, indeed; I didn't read much up on PAM and didn't realize it
could go through a series of phases before allowing on, so you can do a
group-check and then additional checks as well. Neat stuff.
Thanks for the tip,
"Have you played Atari today?"
More information about the freebsd-questions