enable telnet / ssh for some users, disable for others

03-01-2006, 12:57 AM

I have a Fedora Core 2 box that has a few users that use it remotely.
I have FTP enabled for all, and I need a way to enable remote SSH
access to their shell accounts for some users but not for others. How
do I go about doing that?

03-01-2006, 02:34 AM

On Tue, 28 Feb 2006 20:57:27 -0500, Eric wrote:

>
> I have a Fedora Core 2 box that has a few users that use it remotely.
> I have FTP enabled for all, and I need a way to enable remote SSH
> access to their shell accounts for some users but not for others. How
> do I go about doing that?

By reading up on the following two files:
/etc/hosts.deny
/etc/hosts.allow

Access Control LIsts (ACL's) might be worth looking at, too.

--
If you're not on the edge, you're taking up too much space.
Linux Registered User #327951

03-01-2006, 03:11 AM

Eric wrote:
> I have a Fedora Core 2 box that has a few users that use it remotely.
> I have FTP enabled for all, and I need a way to enable remote SSH
> access to their shell accounts for some users but not for others. How
> do I go about doing that?

Add /bin/false to /etc/shells then set the shell for non ssh users to
/bin/false. I'm assuming Fedora has /bin/false, I use slackware on all
my servers.

03-01-2006, 05:30 AM

"Eric" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)

> I have a Fedora Core 2 box that has a few users that use it remotely.
> I have FTP enabled for all, and I need a way to enable remote SSH
> access to their shell accounts for some users but not for others. How
> do I go about doing that?

In /etc/ssh/sshd_config:

PermitRootLogin no
AllowUsers user0 user1 user2

"man sshd_config" for more information.

03-01-2006, 05:34 AM

I wrote in message news:(E-Mail Removed)

> In /etc/ssh/sshd_config:
>
> PermitRootLogin no
> AllowUsers user0 user1 user2
>
> "man sshd_config" for more information.

.... or wherever the file is located on your system, perhaps
/usr/local/etc/sshd_config

03-01-2006, 05:39 AM

On 2006-03-01, ynotssor <(E-Mail Removed)> wrote:
> "Eric" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)
>
>> I have a Fedora Core 2 box that has a few users that use it remotely.
>> I have FTP enabled for all, and I need a way to enable remote SSH
>> access to their shell accounts for some users but not for others. How
>> do I go about doing that?
>
> In /etc/ssh/sshd_config:
>
> PermitRootLogin no
> AllowUsers user0 user1 user2
>
> "man sshd_config" for more information.
>

If you have *several* users, you might consider this instead:
AllowGroups sshusers
where 'sshusers' is a group you create and to which you add
desired users

RW

--

http://rlworkman.net

03-01-2006, 10:44 AM

On Tue, 28 Feb 2006 20:57:27 -0500, Eric wrote:

>
> I have a Fedora Core 2 box that has a few users that use it remotely. I
> have FTP enabled for all, and I need a way to enable remote SSH access to
> their shell accounts for some users but not for others. How do I go about
> doing that?

Disable password authorization and require RSA authorization. Put the
authorized keys in /etc/ssh/authorized_keys instead of in the users
~/.ssh/authorized_keys files. Only the users who's public keys are stored
in the authorized_keys file will be able to ssh in.

03-01-2006, 11:11 AM

On Wed, 01 Mar 2006 06:44:54 -0500, General Schvantzkoph wrote:

> On Tue, 28 Feb 2006 20:57:27 -0500, Eric wrote:
>
>
>> I have a Fedora Core 2 box that has a few users that use it remotely. I
>> have FTP enabled for all, and I need a way to enable remote SSH access
>> to their shell accounts for some users but not for others. How do I go
>> about doing that?
>
> Disable password authorization and require RSA authorization. Put the
> authorized keys in /etc/ssh/authorized_keys instead of in the users
> ~/.ssh/authorized_keys files. Only the users who's public keys are stored
> in the authorized_keys file will be able to ssh in.

And create a list of allowed SSH users in /etc/sshd_config.

From the man-page:
AllowUsers
This keyword can be followed by a list of user name patterns,
separated by spaces. If specified, login is allowed only for
user names that match one of the patterns. `*' and `?' can be
used as wildcards in the patterns. Only user names are valid; a
numerical user ID is not recognized. By default, login is
allowed for all users. If the pattern takes the form USER@HOST
then USER and HOST are separately checked, restricting logins to
particular users from particular hosts.

--
gr,
maxx
:wq!

03-01-2006, 11:50 AM

On Tue, 28 Feb 2006 21:34:19 -0600, Dan C
<(E-Mail Removed)> wrote:

>On Tue, 28 Feb 2006 20:57:27 -0500, Eric wrote:
>>
>> I have a Fedora Core 2 box that has a few users that use it remotely.
>> I have FTP enabled for all, and I need a way to enable remote SSH
>> access to their shell accounts for some users but not for others. How
>> do I go about doing that?
>
>By reading up on the following two files:
>/etc/hosts.deny
>/etc/hosts.allow

Good moring, Dan.

Unfortunately those just allow or deny access from specific hosts. I
need to allow or deny access to users, regardless of what host they
are accessing from.

>Access Control LIsts (ACL's) might be worth looking at, too.

I will look at that, thanks.

Eric

03-01-2006, 12:10 PM

Thanks to all for your assistance. Setting the user's shell to either
/bin/false or /sbin/nologin did the trick.

Eric

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Network enable/disable repair - now unable to	Chris Wrigley	Wireless Networks	0	03-29-2008 11:54 AM
Enable root access to telnet with krb5-telnet	Phoe6	Linux Networking	2	06-08-2007 11:00 AM
Enable/disable web access easily?	John Carlyle-Clarke	Windows Networking	0	04-19-2006 10:13 AM
MN-710 USB Disable/Enable Device	Jer	Broadband Hardware	4	04-09-2004 12:23 PM
How to enable/disable broadband connection?	Malcolm H	Windows Networking	2	08-22-2003 05:21 AM