How to block NIS logins via ssh?
fbsd.questions at rachie.is-a-geek.net
Thu Dec 11 00:11:29 PST 2008
On Thursday 11 December 2008 08:10:09 Dan Mahoney, System Admin wrote:
> Given, there's several solutions to this:
> 1) The Kluge as above.
> 2) A pam module to check /etc/group (this is standard login behavior, and
> historically supported, and available on other platforms, adding a module,
> even to ports, is trivial.
> 3) A patch to openssh to do /etc/shells checking (I'll note that openSSH
> has the "UseLogin" option, which may also do this.
> 4) An option to pam_unix to check this. Differs from #2 in that it's a
> change to an existing module instead of one in ports.
5) Use AllowGroups/AllowUsers and/or their Deny equivalent in sshd_config.
6) Disable password based logins and use keys only.
Problem with today's modular software: they start with the modules
and never get to the software part.
More information about the freebsd-questions