On Wed, Dec 16, 2009 at 04:52:02PM +0100, Ralf Gesellensetter wrote:
> On Tuesday, 8 December 2009, Klaus Ade Johnstad wrote:
>> You could deploy a "hack" with cron and sshd.conf, but have you
>> looked at pam_time and /etc/security/group.conf? Maybe also have a
>> look at the firewall pfsense, which I believe has the possibility to
>> open/close ssh based on times.
>
> Thank you, I found documentation at
> http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/sag-pam_time.html
>
> This might be a starting point. And with pam_list it should be
> possible to limit the usage of specific login-names/accounts to
> specific hosts (will have to find out later).

Beware that PAM only guards _establishing_ a session: Existing sessions are not dropped, so a clever user could establish a long-running session and then reuse that later on.

Blocking _access_ is best done using a firewall. The default firewall bootstrapping config could be used for "daytime", invoked by cron e.g. mon-fri morning and a tighter config fork invoked in the afternoon.

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet architect
 * Tel.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
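
One way to do the cron-driven firewall switch described in the reply above, as an added example that is not part of the thread or of any Debian Edu configuration. The chain name `SSH_WINDOW`, the script path and the cron times are assumptions; the point it shows is that the time rule has to sit ahead of any ESTABLISHED,RELATED accept rule, otherwise sessions opened in the morning survive the afternoon switch just as they do with PAM.

```shell
#!/bin/sh
# Added example. Chain name, script path and times are assumptions.
# Cron entries (e.g. in /etc/cron.d/ssh-window), mon-fri:
#   0 8  * * 1-5 root /usr/local/sbin/ssh-window.sh --apply open
#   0 16 * * 1-5 root /usr/local/sbin/ssh-window.sh --apply closed

CHAIN=SSH_WINDOW   # hypothetical dedicated chain, so the base ruleset is untouched
PORT=22

# Print the iptables commands for a mode ("open" or "closed"), one per line.
# Printing first makes a dry run possible before anything is applied.
ssh_window_cmds() {
    case "$1" in
        open|closed) ;;
        *) echo "usage: ssh_window_cmds open|closed" >&2; return 2 ;;
    esac
    # Create the chain once; "already exists" is not an error.
    echo "iptables -N $CHAIN 2>/dev/null || true"
    # Hook the chain at position 1 of INPUT (only if not hooked yet), so it is
    # evaluated before a typical "ESTABLISHED,RELATED -j ACCEPT" rule.
    echo "iptables -C INPUT -p tcp --dport $PORT -j $CHAIN 2>/dev/null || iptables -I INPUT 1 -p tcp --dport $PORT -j $CHAIN"
    # Start from an empty chain: "open" leaves it empty, so packets fall
    # through to the normal daytime ruleset.
    echo "iptables -F $CHAIN"
    if [ "$1" = closed ]; then
        # Reject every packet to the port, including those of sessions that
        # were established while the window was open.
        echo "iptables -A $CHAIN -p tcp -j REJECT --reject-with tcp-reset"
    fi
}

# "--apply MODE" runs the commands (needs root); without it nothing is changed.
if [ "${1:-}" = "--apply" ]; then
    cmds=$(ssh_window_cmds "${2:-}") || exit 2
    printf '%s\n' "$cmds" | sh -e
fi
```

IPv6 traffic needs the same rules through `ip6tables`.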