From owner-freebsd-security  Fri Jan 14  0: 0:17 2000
Delivered-To: freebsd-security@freebsd.org
Received: from sonet.crimea.ua (OTC-sl3-FLY.CRIS.NET [212.110.136.71])
	by hub.freebsd.org (Postfix) with ESMTP id 7AF38151C4
	for <freebsd-security@FreeBSD.ORG>; Thu, 13 Jan 2000 23:59:59 -0800 (PST)
	(envelope-from phantom@scorpion.crimea.ua)
Received: (from uucp@localhost)
	by sonet.crimea.ua (8.9.3/8.9.3) with UUCP id KAA13232;
	Fri, 14 Jan 2000 10:07:33 +0300 (MSK)
Received: (from phantom@localhost)
	by scorpion.crimea.ua (8.8.8/8.8.5+ssl+keepalive) id JAA28258;
	Fri, 14 Jan 2000 09:07:18 +0300 (MSK)
Date: Fri, 14 Jan 2000 09:07:18 +0300
From: Alexey Zelkin <phantom@cris.net>
To: David Wolfskill <dhw@whistle.com>
Cc: freebsd-security@FreeBSD.ORG, ncb@zip.com.au
Subject: Re: Disallow remote login by regular user.
Message-ID: <20000114090718.C16542@scorpion.crimea.ua>
References: <Pine.LNX.4.10.10001141203280.3124-100000@zipperii.zip.com.au> <200001140140.RAA49056@pau-amma.whistle.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.7i
In-Reply-To: <200001140140.RAA49056@pau-amma.whistle.com>
X-Operating-System: FreeBSD 2.2.7-RELEASE i386
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

hi,

On Thu, Jan 13, 2000 at 05:40:56PM -0800, David Wolfskill wrote:

> >Hi folks. I'm trying to ocnfigure my system so that I can disallow a
> >particular user account from being able to login remotely, and forcing
> >users to su to the account instead. How may I configure this?
> 
> >PS. Users may be using anything from telnet to ssh to login to the system,
                                                  ^^^
> >so I need something that works across the board.
> 
> I find that using '*' as the encrypted password appears to do the job
> for me.

It will not fix a problem if user if user have ~/.ssh/identity file :)

Simplest and dirty way to fix such problems is just changing user shell
to unexistent one or something like /bin/date :)

-- 
/* Alexey Zelkin                       && phantom@cris.net    */
/* Tavric National University          && phantom@crimea.edu  */
/* http://www.ccssu.crimea.ua/~phantom && phantom@FreeBSD.org */


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message