telnet/sshd limited by user?

Jeff Mitchell skeezix at
Sun Aug 7 23:44:01 GMT 2005

On Mon, 8 Aug 2005, Benjamin Lutz wrote:

# >     Is it possible to set things so that 'telnet' is allowed only to one
# > specific user, while everyone else needs sshd? ie: Obviously, nologin
# > can be used as a shell to not permit any logins (but makes 'su' break
# > too), but I'd like to allow telnet for one specific user only and keep
# > everyone else on sshd.
# Yes, by playing with PAM. You can change telnetd's PAM configuration
# (/etc/pam.d/telnetd) to include a group check:
# auth	requisite	no_warn group=telnetusers
# Then create a group "telnetusers", and make your telnet user a member of it.
# Haven't tested it myself, hope it works.

	Ah, indeed; I didn't read much up on PAM and didn't realize it 
could go through a series of phases before allowing on, so you can do a 
group-check and then additional checks as well. Neat stuff.

	Thanks for the tip,


"Have you played Atari today?"

More information about the freebsd-questions mailing list