Simon Tennant wrote:
I am curious about how other Debian sys-admins currently authorize who can log onto their servers. We are thinking about LDAPing a large number of servers but this will currently lead to all users then being able to log onto the servers. What are others doing to limit this to a small subset of users who can ssh in?
S.
man sshd_config says:
AllowGroups
        This keyword can be followed by a list of group name
        patterns, separated by spaces. If specified, login
        is allowed only for users whose primary group or
        supplementary group list matches one of the patterns.
        '*' and '?' can be used as wildcards in the patterns.
        Only group names are valid; a numerical group ID
        is not recognized. By default, login is allowed
        for all groups.
-- I think somebody pointed this out to me. I don't think I read the man page on my own.
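
An added example, not part of the original post: a small audit that applies the AllowGroups rule quoted above to a list of directory users, to check who could log in before rolling out LDAP. The config text, user names and group names are constructed samples, the function names are hypothetical, and only the '*' and '?' wildcards from the man page excerpt are handled (Match blocks are ignored).

```python
import re

# Constructed sample sshd_config text (not from a real server).
SAMPLE_CONFIG = """# constructed sample
PasswordAuthentication no
AllowGroups ssh-admins ops-*
"""

# Constructed sample: user -> primary and supplementary group names.
SAMPLE_DIRECTORY = {
    "alice": ["staff", "ssh-admins"],
    "bob": ["staff"],
    "carol": ["ops-db"],
    "dave": ["devops-x"],  # must not match 'ops-*': the whole name is compared
}

def pattern_to_regex(pattern):
    """Translate a pattern using only '*' and '?' into an anchored regex."""
    table = {"*": ".*", "?": "."}
    return re.compile("".join(table.get(ch, re.escape(ch)) for ch in pattern))

def allow_groups_patterns(config_text):
    """Collect AllowGroups patterns from the global part of the config text."""
    patterns = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        keyword = fields[0].lower()  # sshd_config keywords are case-insensitive
        if keyword == "match":       # Match blocks are outside this example
            break
        if keyword == "allowgroups":
            patterns.extend(fields[1:])
    return patterns

def login_allowed(patterns, groups):
    """Apply the quoted rule: no patterns means every group is allowed."""
    if not patterns:
        return True
    regexes = [pattern_to_regex(p) for p in patterns]
    return any(rx.fullmatch(g) for rx in regexes for g in groups)

def audit(config_text, directory):
    """Return {user: allowed} for every user in the directory mapping."""
    patterns = allow_groups_patterns(config_text)
    return {user: login_allowed(patterns, grps) for user, grps in directory.items()}

if __name__ == "__main__":
    for user, allowed in audit(SAMPLE_CONFIG, SAMPLE_DIRECTORY).items():
        print(f"{user}: {'allowed' if allowed else 'denied'}")
```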