Sean Carolan wrote:
>> You can either continue as usual with an authorized_keys file in their
>> home directories, or look at the LPK patch available for OpenSSH that
>> allows storing public keys in LDAP.
>>
>> Having the users in LDAP has absolutely no effect on how key-based
>> logins work with SSH, but it does open up some other options.
>>
>
> So the easiest route to take might be to disallow ssh logins for
> everyone except my few authorized users via the /etc/security/access
> file? And then to allow exceptions on a case by case basis using this
> file as well?
>

/etc/security/access is definitely an option, as would be putting them all in a group and using "AllowGroups [your group]" in the sshd_config, among other possibilities. Doing something group-based is typically pretty easy to manage.
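
The two options named in the reply, as an added configuration sketch that is not part of the original thread. The group name `sshusers` is a hypothetical placeholder, and the pam_access lines assume sshd runs with `UsePAM yes` and the stock rules file path /etc/security/access.conf:

```conf
# --- Option A: /etc/ssh/sshd_config ---
# Only members of this group may log in over SSH; everyone else is refused
# even with a valid key or password. Membership is resolved through NSS,
# so a group defined in LDAP works the same as a local one.
# "sshusers" is a hypothetical group name.
AllowGroups sshusers

# --- Option B: pam_access ---
# /etc/pam.d/sshd must call the module in the account stack:
account    required    pam_access.so

# /etc/security/access.conf
# Format is  permission : users/groups : origins
# The first matching rule decides, so the allow lines come before the
# final catch-all deny. A name in parentheses is matched as a group.
+ : root : LOCAL
+ : (sshusers) : ALL
- : ALL : ALL
```

The access.conf rules apply to every service whose PAM stack calls pam_access, not only sshd. Check the sshd_config change with `sshd -t` and keep an existing session open while testing a new login.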