Date: Fri, 14 Jan 2000 09:07:18 +0300 From: Alexey Zelkin <phantom@cris.net> To: David Wolfskill <dhw@whistle.com> Cc: freebsd-security@FreeBSD.ORG, ncb@zip.com.au Subject: Re: Disallow remote login by regular user. Message-ID: <20000114090718.C16542@scorpion.crimea.ua> In-Reply-To: <200001140140.RAA49056@pau-amma.whistle.com> References: <Pine.LNX.4.10.10001141203280.3124-100000@zipperii.zip.com.au> <200001140140.RAA49056@pau-amma.whistle.com>
next in thread | previous in thread | raw e-mail | index | archive | help
hi,
On Thu, Jan 13, 2000 at 05:40:56PM -0800, David Wolfskill wrote:
> >Hi folks. I'm trying to ocnfigure my system so that I can disallow a
> >particular user account from being able to login remotely, and forcing
> >users to su to the account instead. How may I configure this?
>
> >PS. Users may be using anything from telnet to ssh to login to the system,
^^^
> >so I need something that works across the board.
>
> I find that using '*' as the encrypted password appears to do the job
> for me.
It will not fix a problem if user if user have ~/.ssh/identity file :)
Simplest and dirty way to fix such problems is just changing user shell
to unexistent one or something like /bin/date :)
--
/* Alexey Zelkin && phantom@cris.net */
/* Tavric National University && phantom@crimea.edu */
/* http://www.ccssu.crimea.ua/~phantom && phantom@FreeBSD.org */
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000114090718.C16542>