
Re: Provide mechanism to limit ssh login in Debian Edu?



On Sat, Nov 22, 2014 at 10:55:23AM +0100, Jürgen Leibner wrote:
> Am Samstag 22 November 2014, 10:37:19 schrieb Petter Reinholdtsen:
> > This will block members of the group from logging in via ssh.
> > 
> > One challenge is that LTSP uses SSH to log in users when using LDM, 
> > so if ssh login on the LTSP server is blocked like this, the user 
> > will not be able to log in on LTSP clients either.  One way around 
> > that might be to allow everyone on the school network to log in, but 
> > only members of a group (say 'remotesshlogin') access via ssh from 
> > outside the school.
> > 
> > What do the rest of you think about such an idea?  Something for the
> > version after Jessie?  Perhaps something to document in the manual for
> > Jessie?  If so, which recipe should we recommend?

As the usage of a Debian Edu network is supposed to have a lot of facets, 
I guess it would be good to only mention some possibilities in the 
manual and leave the implementation to the local admins.

Remote access from outside the school might come in quite different ways 
as well and maybe with other networks and a router/firewall in between.

> The most important question for me is, how can it be done with gosa, 
> as it is the so called central solution for user administration in our 
> distro?
 
With GOsa it's quite simple: 

(1) Create a group like 'sshusers' on the root level 
    (where already other system management related groups like
    'gosa-admins' show up).
(2) Add users to the new group 'sshusers'.
(3) Add 'AllowGroups sshusers' to /etc/ssh/sshd_config
(4) 'service ssh restart' 

Wolfgang
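
Steps (3) and (4) of the recipe above as a guarded shell procedure, added here as an example and not part of Wolfgang's message: it checks that the group resolves and that the invoking admin is in it, inserts the directive ahead of any Match block, and validates the file before restarting. The function names, the `.bak` backup and the `--apply` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example; function names, .bak backup and --apply switch are assumptions.

in_group() {  # in_group USER GROUP: primary or supplementary membership
    for g in $(id -nG "$1" 2>/dev/null); do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}

ensure_allowgroups() {  # ensure_allowgroups FILE GROUP (idempotent)
    file=$1 group=$2
    if grep -Eiq '^[[:space:]]*AllowGroups[[:space:]]' "$file"; then
        grep -Ei '^[[:space:]]*AllowGroups[[:space:]]' "$file" |
            grep -Eq "[[:space:]]$group([[:space:]]|\$)" && return 0
        echo "AllowGroups is already set without $group; merge by hand" >&2
        return 1
    fi
    tmp=$(mktemp) || return 1
    # A line appended after a Match block would belong to that block,
    # so the global directive goes in front of the first Match line.
    awk -v line="AllowGroups $group" '
        !done && tolower($1) == "match" { print line; done = 1 }
        { print }
        END { if (!done) print line }' "$file" > "$tmp" &&
        cat "$tmp" > "$file" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
}

apply_allowgroups() {  # apply_allowgroups GROUP [CONFIG]
    group=$1 conf=${2:-/etc/ssh/sshd_config}
    # The group must be visible through NSS on this host.
    getent group "$group" >/dev/null ||
        { echo "no such group: $group" >&2; return 1; }
    # Refuse if the invoking admin would lose ssh access after the restart.
    admin=${SUDO_USER:-$(id -un)}
    in_group "$admin" "$group" ||
        { echo "$admin is not in $group" >&2; return 1; }
    cp -p "$conf" "$conf.bak" || return 1
    ensure_allowgroups "$conf" "$group" || return 1
    if sshd -t -f "$conf"; then      # syntax check before step (4)
        service ssh restart
    else
        cp -p "$conf.bak" "$conf"
        return 1
    fi
}

if [ "${1:-}" = "--apply" ]; then apply_allowgroups "${2:-sshusers}"; fi
```

On an LTSP server the caveat quoted at the top of the message still applies: users who log in through LDM need to be in the group as well.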
