
Re: new twist on shutting down and restricting ssh users



I'll answer everyone at once below.

On Wed, Mar 06, 2002 at 04:11:44PM -0500, dman wrote:

My original question :

| I want to allow my dad to shut down the router/gateway.  I want to do
| this by creating a login name "halt" that simply shuts down.  I did
| this by making /sbin/halt the shell.  As I understand it, only root is
| allowed to halt a system, so I made halt owned by root:halt with
| permissions 4754.  This works, but I am interested in comments on the
| pros/cons of this setup.  In addition, I want to disallow logging in as
| 'halt' via ssh.  How can I do that?


Sean 'Shaleh' Perry :
| I gave my wife sudo access for halt only.  It is not that hard to
| teach them to login, then type 'sudo halt'.

That would work (I was also planning on giving my dad a normal shell
account), but I want to keep it as simple as possible.

| ssh uses pam, so you can limit users via the pam interface.  At
| least you should be able to anyways.

That would be cool, if I learn how to work PAM.  With my current,
extremely limited, knowledge of PAM I wonder if it has control
that is that fine-grained.  I don't want to disable the login
completely.  That is a lesson for another day, though.


nate , Dave Sherohman , Osamu Aoki :

[paraphrasing]
| does this system have console access?

yes

[paraphrasing]
| just remap ctrl-alt-delete to shutdown

<comment to self>
DUH!
</comment to self>

Thanks for the reminder.  Of course that's the simplest way to do it!
I even did that for my workstation and the laptop at my previous job
because I thought it was a good idea.


nate :

| [about ssh key-based logins]

First I'd have to get key-based login to work.  I tried, once, for the
ssh at school, but I didn't succeed.  I haven't yet spent more time
trying and RTFMing, but it is something I want to learn!

| I personally do not let anyone in my family touch my
| computers, it's the unspoken law. Don't go near them.
| I set up my ultra 1 so people can use it for stuff, but
| my firewalls and real servers are off limits.
|
| can't imagine why you'd need to let someone shut down
| a system ....but whatever :)

I'm moving to Chicago for co-op, remember?  This 486 is staying behind
to manage the masquerading and firewall.  I'm not going to be around,
so I need to leave a mechanism for properly shutting down the system.

As for my workstation, I'd like for everyone else to become
comfortable using it so that I can stick Debian on the rest of the
systems, but no one actually uses it.


Dave Sherohman , Andrew Agno :

| you can use AllowUsers or DenyUsers commands in /etc/sshd_config to
| control which users are allowed to connect via ssh.

Thanks!  That's exactly what I was looking for.


-D

-- 

I tell you the truth, everyone who sins is a slave to sin.  Now a slave
has no permanent place in the family, but a son belongs to it forever.
So if the Son sets you free, you will be free indeed.
        John 8:34-36
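
An added example, not part of the original message: a small Python checker that applies sshd's DenyUsers-then-AllowUsers rule to a config, to confirm that a login such as 'halt' is refused over ssh before relying on it. Assumptions: only the global section (parsing stops at the first Match block), no group directives, no negated or CIDR patterns; the sample config, the user 'dad' and the addresses are constructed.

```python
import re

def _glob(pattern, value):
    """sshd-style wildcard match: '*' is any run of characters, '?' is one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value) is not None

def _matches(pattern, user, host):
    """Match one USER or USER@HOST entry against the connecting user and host."""
    upat, sep, hpat = pattern.partition("@")
    return _glob(upat, user) and (not sep or _glob(hpat, host))

def parse_user_lists(config_text):
    """Collect AllowUsers/DenyUsers patterns; repeated lines accumulate."""
    allow, deny = [], []
    for raw in config_text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        key = words[0].lower()          # keywords are case-insensitive
        if key == "match":              # assumption: global section only
            break
        if key == "allowusers":
            allow += words[1:]
        elif key == "denyusers":
            deny += words[1:]
    return allow, deny

def ssh_login_permitted(config_text, user, host):
    """True if the user lists alone would let `user` connect from `host`."""
    allow, deny = parse_user_lists(config_text)
    if any(_matches(p, user, host) for p in deny):
        return False                    # a DenyUsers match always wins
    if allow and not any(_matches(p, user, host) for p in allow):
        return False                    # AllowUsers set: unlisted users refused
    return True

# Constructed sample config for the setup discussed in this thread.
SAMPLE = """\
# sshd user restrictions (constructed sample)
PermitRootLogin no
DenyUsers halt
AllowUsers dman dad@192.168.1.*
"""

if __name__ == "__main__":
    for who, where in [("halt", "192.168.1.5"), ("dad", "192.168.1.5"),
                       ("dad", "203.0.113.7"), ("dman", "203.0.113.7")]:
        print(who, where, ssh_login_permitted(SAMPLE, who, where))
```

Once any AllowUsers line is present, every account not listed there is refused as well, so a DenyUsers entry alone is the narrower change when only 'halt' should be blocked.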


