Date: Fri, 14 Jan 2000 09:23:24 -0700 From: Wes Peters <wes@softweyr.com> To: Alexey Zelkin <phantom@cris.net> Cc: David Wolfskill <dhw@whistle.com>, freebsd-security@FreeBSD.ORG, ncb@zip.com.au Subject: Re: Disallow remote login by regular user. Message-ID: <387F4D7C.3C72D334@softweyr.com> References: <Pine.LNX.4.10.10001141203280.3124-100000@zipperii.zip.com.au> <200001140140.RAA49056@pau-amma.whistle.com> <20000114090718.C16542@scorpion.crimea.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
Alexey Zelkin wrote:
>
> hi,
>
> On Thu, Jan 13, 2000 at 05:40:56PM -0800, David Wolfskill wrote:
>
> > >Hi folks. I'm trying to ocnfigure my system so that I can disallow a
> > >particular user account from being able to login remotely, and forcing
> > >users to su to the account instead. How may I configure this?
> >
> > >PS. Users may be using anything from telnet to ssh to login to the system,
> ^^^
> > >so I need something that works across the board.
> >
> > I find that using '*' as the encrypted password appears to do the job
> > for me.
>
> It will not fix a problem if user if user have ~/.ssh/identity file :)
>
> Simplest and dirty way to fix such problems is just changing user shell
> to unexistent one or something like /bin/date :)
Or /bin/nologin, or install the no-login package/port and use /usr/local/bin/
nologin, which will log attempts in syslog for you.
--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
wes@softweyr.com http://softweyr.com/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?387F4D7C.3C72D334>