How to block NIS logins via ssh?
Jerry
gesbbb at yahoo.com
Thu Dec 11 03:40:23 PST 2008
On Thu, 11 Dec 2008 09:11:26 +0100
Mel <fbsd.questions at rachie.is-a-geek.net> wrote:
>On Thursday 11 December 2008 08:10:09 Dan Mahoney, System Admin wrote:
>
>> Given, there's several solutions to this:
>>
>> 1) The Kluge as above.
>>
>> 2) A pam module to check /etc/group (this is standard login
>> behavior, and historically supported, and available on other
>> platforms, adding a module, even to ports, is trivial.
>>
>> 3) A patch to openssh to do /etc/shells checking (I'll note that
>> openSSH has the "UseLogin" option, which may also do this.
>>
>> 4) An option to pam_unix to check this. Differs from #2 in that
>> it's a change to an existing module instead of one in ports.
>
>5) Use AllowGroups/AllowUsers and/or their Deny equivalent in
>sshd_config.
>
>6) Disable password based logins and use keys only.
Personally, I have always used 'keys' instead of passwords. Given
enough time and resources, any password can be cracked. I really do not
understand why so many users insist on using passwords anyway.
--
Jerry
gesbbb at yahoo.com
A sadist is a masochist who follows the Golden Rule.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20081211/8d6fe386/signature.pgp
More information about the freebsd-questions
mailing list