Re: Restricting users per service


 



On Tue, Apr 29, 2003 at 09:42:29PM -0400, Werner Puschitz wrote:
> 
> On Tue, 29 Apr 2003, Ed Wilts wrote:
> 
> > I've got a weird problem I'm trying to solve on HP-UX 11.00.  One of the
> > ways we've thought it could be solved is if we can restrict ssh to allow
> > only a pre-defined set of users in.  Can we restrict which users can use
> > ssh and which can't?  For the rest of the users, we're using a
> > restricted shell with telnet, but with ssh, we haven't found a way to
> > prevent ssh from allowing a shell command (e.g. ssh <host> ls -l) and
> > forcing the user to only go through the menu.
> 
> For OpenSSH you can specify a forced command in the ~/.ssh/authorized_keys2 
> file. For example, if a script should be executed each time someone 
> does ssh to user@xxxx, the ~/.ssh/authorized_keys2 might look like:
> command="your_script" ssh-dss AAAAB3Nza... OpenSSH key

Thanks for the pointers Werner.  We did finally find a solution.
sshd_config does have an AllowGroups parameter that can restrict who can
use the service and who can't.  This seems to do the job, at least
according to the docs.  

> For example, to allow people to copy a specific file from a server
> without giving them ssh login or scp, add the following line to 
> ~/.ssh/authorized_keys2 on your server:
> command="/bin/cat ~/FileName" ssh-dss AAAAB3Nza... OpenSSH key
> 
> On the client node, the user can retrieve this file by running:
> ssh user@xxxxxx > FileName

I didn't know about this, and I can see where this might be useful in
certain cases.

Thanks again,
        .../Ed

-- 
Ed Wilts, Mounds View, MN, USA
mailto:ewilts@xxxxxxxxxx
Member #1, Red Hat Community Ambassador Program



_______________________________________________

Pam-list@xxxxxxxxxx
https://listman.redhat.com/mailman/listinfo/pam-list
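
An added example, not part of the thread: a Python check that reads authorized_keys entries like the ones quoted above and reports keys that have no forced command, or that have one but still allow forwarding. The names `parse_line` and `audit`, the sample entries and the path `/usr/local/bin/menu` are made up for illustration, and it assumes an OpenSSH recent enough to accept the `restrict` and `pty` key options.

```python
# command="..." by itself does not stop a client from requesting forwarding.
LOCKS = {"no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding"}

def parse_line(line):
    """Split one authorized_keys entry into (options dict, remainder)."""
    if line.startswith(("ssh-", "ecdsa-", "sk-")):
        return {}, line                          # starts with the key type: no options
    items, cur, quoted, i = [], "", False, 0
    while i < len(line):
        c = line[i]
        if quoted and line[i:i + 2] == '\\"':    # escaped quote inside a value
            cur, i = cur + '"', i + 2
            continue
        if c == '"':
            quoted = not quoted
        elif c == "," and not quoted:            # separator between options
            items.append(cur)
            cur = ""
        elif c in " \t" and not quoted:          # end of the options field
            break
        else:
            cur += c
        i += 1
    pairs = (item.partition("=") for item in items + [cur] if item)
    opts = {n.lower(): (v if s else True) for n, s, v in pairs}  # names are case-insensitive
    return opts, line[i:].strip()

def audit(text):
    """Yield (line number, key comment, finding) for entries that are not locked down."""
    for n, line in enumerate(map(str.strip, text.splitlines()), 1):
        if not line or line.startswith("#"):
            continue
        opts, rest = parse_line(line)
        comment = " ".join(rest.split()[2:]) or "?"
        if "command" not in opts:
            yield (n, comment, "no forced command")
        elif "restrict" not in opts and not LOCKS <= set(opts):
            yield (n, comment, "forced command, forwarding still allowed")

# Constructed sample entries; the key blobs are placeholders, not real keys.
SAMPLE = '''\
ssh-dss AAAAplaceholder1 alice@ws1
command="/bin/cat ~/FileName" ssh-dss AAAAplaceholder2 filedrop
command="/usr/local/bin/menu",restrict,pty ssh-dss AAAAplaceholder3 menu-user
command="echo \\"a, b\\"",no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAAplaceholder4 greeter
'''

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```
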
