Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 16 Jan 2000 12:53:06 -0500 (EST)
From:      Omachonu Ogali <oogali@intranova.net>
To:        Wes Peters <wes@softweyr.com>
Cc:        Alexey Zelkin <phantom@cris.net>, David Wolfskill <dhw@whistle.com>, freebsd-security@FreeBSD.ORG, ncb@zip.com.au
Subject:   Re: Disallow remote login by regular user.
Message-ID:  <Pine.BSF.4.10.10001161251310.78224-100000@hydrant.intranova.net>
In-Reply-To: <387F4D7C.3C72D334@softweyr.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
That isn't even needed, just set the shell to a nonexistant shell. So it
won't work with ftp (ftp requires a valid shell in /etc/shells), ssh (ssh
follows the same suit as ftp), and telnet will probably let them login and
immediately log them out because it's going to return an error after
executing the shell.

Omachonu Ogali
Intranova Networking Group

On Fri, 14 Jan 2000, Wes Peters wrote:

> Alexey Zelkin wrote:
> > 
> > hi,
> > 
> > On Thu, Jan 13, 2000 at 05:40:56PM -0800, David Wolfskill wrote:
> > 
> > > >Hi folks. I'm trying to ocnfigure my system so that I can disallow a
> > > >particular user account from being able to login remotely, and forcing
> > > >users to su to the account instead. How may I configure this?
> > >
> > > >PS. Users may be using anything from telnet to ssh to login to the system,
> >                                                   ^^^
> > > >so I need something that works across the board.
> > >
> > > I find that using '*' as the encrypted password appears to do the job
> > > for me.
> > 
> > It will not fix a problem if user if user have ~/.ssh/identity file :)
> > 
> > Simplest and dirty way to fix such problems is just changing user shell
> > to unexistent one or something like /bin/date :)
> 
> Or /bin/nologin, or install the no-login package/port and use /usr/local/bin/
> nologin, which will log attempts in syslog for you.
> 
> 
> -- 
>             "Where am I, and what am I doing in this handbasket?"
> 
> Wes Peters                                                         Softweyr LLC
> wes@softweyr.com                                           http://softweyr.com/
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.10001161251310.78224-100000>