Re: new twist on shutting down and restricting ssh users
I'll answer everyone at once below.
On Wed, Mar 06, 2002 at 04:11:44PM -0500, dman wrote:
My original question :
| I want to allow my dad to shut down the router/gateway. I want to do
| this by creating a login name "halt" that simply shuts down. I did
| this by making /sbin/halt the shell. As I understand it, only root is
| allowed to halt a system, so I made halt owned by root:halt with
| permissions 4754. This works, but I am interested in comments on the
| pros/cons of this setup. In addition, I want to disallow loggin in as
| 'halt' via ssh. How can I do that?
Sean 'Shaleh' Perry :
| I gave my wife sudo access for halt only. It is not that hard to
| teach them to login, then type 'sudo halt'.
That would work (I was also planning on giving my dad a normal shell
account), but I want to keep it as simple as possible.
| ssh uses pam, so you can limit users via the pam interface. At
| least you should be able to anyways.
That would be cool, if I learn how to work PAM. With my current,
extremely limited, knowledge of pam I wonder if it has that
control that is that fine-grained. I don't want to disable the login
completely. That is a lesson for another day, though.
nate , Dave Sherohman , Osamu Aoki :
[paraphrasing]
| does this system have console access?
yes
[paraphrasing]
| just remap ctrl-alt-delete to shutdown
<comment to self>
DUH!
</comment to self>
Thanks for the reminder. Of course that's the simplest way to do it!
I even did that for my workstation and the laptop at my previous job
because I thought it was a good idea.
nate :
| [about ssh key-based logins]
First I'd have to get key-based login to work. I tried, once, for the
ssh at school, but I didn't succeed. I haven't yet spent more time
tyring and RTFMing, but it is something I want to learn!
| I personally do not let anyone in my family touch my
| computers, its the unspoken law. Don't go near them.
| i setup my ultra 1 so people can use it for stuff, but
| my firewalls and real servers are off limits.
|
| can't imagine why you'd need to let someone shut down
| a system ....but whatever :)
I'm moving to Chicago for co-op, remember? This 486 is staying behind
to manage the masquerading and firewall. I'm not going to be around,
so I need to leave a mechanism for properly shutting down the system.
As for my workstation, I'd like for everyone else to become
comfortable using it so that I can sitck debian on the rest of the
systems, but no one actually uses it.
Dave Sherohman , Andrew Agno :
| you can use AllowUsers or DenyUsers commands in /etc/sshd_config to
| control which users are allowed to connect via ssh.
Thanks! That's exactly what I was looking for.
-D
--
I tell you the truth, everyone who sins is a slave to sin. Now a slave
has no permanent place in the family, but a son belongs to it forever.
So if the Son sets you free, you will be free indeed.
John 8:34-36
Reply to: