From owner-freebsd-questions@FreeBSD.ORG  Mon Apr 19 19:33:06 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1400216A4CE
	for <freebsd-questions@freebsd.org>;
	Mon, 19 Apr 2004 19:33:06 -0700 (PDT)
Received: from charade.trit.org (charade.trit.org [65.19.139.44])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0654D43D5F
	for <freebsd-questions@freebsd.org>;
	Mon, 19 Apr 2004 19:33:06 -0700 (PDT)
	(envelope-from andy@charade.trit.org)
Received: by charade.trit.org (Postfix, from userid 1004)
	id C27DDB8; Tue, 20 Apr 2004 02:33:05 +0000 (UTC)
Date: Tue, 20 Apr 2004 02:33:05 +0000
From: Andy Miller <andy@trit.org>
To: Robert Storey <y2kbug@ms25.hinet.net>
Message-ID: <20040420023305.GA19605@charade.trit.org>
References: <20040420102506.120a0298.y2kbug@ms25.hinet.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="2fHTh5uZTiUOsy+g"
Content-Disposition: inline
In-Reply-To: <20040420102506.120a0298.y2kbug@ms25.hinet.net>
User-Agent: Mutt/1.4.2.1i
X-OS: FreeBSD 5.2-CURRENT
X-Advocacy: Use FreeBSD. <http://www.freebsd.org/>
X-PGP-Key: 8982ACB9 <https://www.trit.org/~andy/andy.asc>
X-PGP-Fingerprint: 70CC 757F 49BB 0ED4 925C  5BA3 EC6C BF9B 8982 ACB9
cc: freebsd-questions@freebsd.org
Subject: Re: restricting ssh to authorized users
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Apr 2004 02:33:06 -0000


--2fHTh5uZTiUOsy+g
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Apr 20, 2004 at 10:25:06AM +0800, Robert Storey wrote:
> I've been wondering what is the best way to prevent certain users from
> being able to login with ssh, even though I want to allow them ftp access?
>=20
> The opposite is easy to accomplish - if I put somebody's name in file
> /etc/ftpusers, that person cannot login with ftp, but they could still
> login with ssh. But I don't see a file /etc/sshusers, and I'm wondering if
> there is some equivalent.

If you don't want someone to be able to login, you can change their
login shell to /sbin/nologin.

--
Andy Miller
--2fHTh5uZTiUOsy+g
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQFAhIvf7Gy/m4mCrLkRAraMAJ44YycPwnsdM2MwoTi+F1Q93XE01QCeJYcL
FPS5iVQDAw0xvip3wB2ujJo=
=+J5H
-----END PGP SIGNATURE-----

--2fHTh5uZTiUOsy+g--