On Tue, 29 Apr 2003, Ed Wilts wrote:

> I've got a weird problem I'm trying to solve on HP-UX 11.00. One of the
> ways we've thought it could be solved is if we can restrict ssh to allow
> only a pre-defined set of users in. Can we restrict which users can use
> ssh and which can't? For the rest of the users, we're using a
> restricted shell with telnet, but with ssh, we haven't found a way to
> prevent ssh from allowing a shell command (e.g. ssh <host> ls -l) and
> forcing the user to only go through the menu.

You can use pam_access.so to restrict access for certain users. For ssh
you can configure pam_access.so to use a different access.conf
configuration file.

For OpenSSH you can specify a forced command in the
~/.ssh/authorized_keys2 file. For example, if a script should be
executed each time someone does ssh to user@xxxx, the
~/.ssh/authorized_keys2 might look like:

    command="your_script" ssh-dss AAAAB3Nza... OpenSSH key

For example, to allow people to copy a specific file from a server
without giving them ssh login or scp, add the following line to
~/.ssh/authorized_keys2 on your server:

    command="/bin/cat ~/FileName" ssh-dss AAAAB3Nza... OpenSSH key

On the client node, the user can retrieve this file by running:

    ssh user@xxxxxx > FileName

Werner
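Added example, not part of the original message: a forced-command wrapper that covers both cases discussed above, sending a plain login to the menu and refusing a request such as `ssh <host> ls -l`. The install path `/usr/local/bin/ssh-gate`, the menu path and the `get-file` keyword are assumptions made for this example.

```shell
#!/bin/sh
# Added example: forced-command gate, installed at a hypothetical path and
# referenced from authorized_keys (key elided exactly as in the message):
#   command="/usr/local/bin/ssh-gate",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss AAAAB3Nza...
# sshd runs this script for every login with that key and puts whatever the
# client asked for (e.g. "ls -l") in SSH_ORIGINAL_COMMAND.

MENU=${MENU:-/usr/local/bin/menu}        # assumption: the site's menu program
PUBLISHED=${PUBLISHED:-$HOME/FileName}   # the single file clients may fetch

# Map the client's request to one fixed action; the request text itself is
# never handed to a shell or eval'd.
classify() {
    case "$1" in
        "")       echo menu ;;    # plain "ssh user@host"
        get-file) echo fetch ;;   # hypothetical keyword chosen for this example
        *)        echo deny ;;    # everything else, including "ls -l"
    esac
}

gate() {
    request=${SSH_ORIGINAL_COMMAND:-}
    case "$(classify "$request")" in
        menu)  exec "$MENU" ;;
        fetch) exec /bin/cat "$PUBLISHED" ;;
        deny)
            # Strip non-printable bytes before logging so a crafted request
            # cannot inject extra log lines.
            safe=$(printf '%s' "$request" | tr -c '[:print:]' '?')
            logger -p auth.notice -t ssh-gate \
                "refused from ${SSH_CLIENT:-unknown}: $safe" 2>/dev/null || true
            echo "command not permitted" >&2
            return 1 ;;
    esac
}

# Act only when invoked under the installed name, so the functions can be
# sourced and tested without starting the menu.
case "$0" in
    */ssh-gate) gate; exit $? ;;
esac
```

With this wrapper in place, a client would fetch the published file with `ssh user@xxxxxx get-file > FileName`; any other command is logged and refused.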