Selective passwd-based access via SSH

To: debian-user@lists.debian.org
Subject: Selective passwd-based access via SSH
From: "Grzegorz B. Prokopski" <gadek@debian.org>
Date: Mon, 28 Mar 2005 03:03:35 -0500
Message-id: <[🔎] 1111997016.1085.166.camel@localhost.localdomain>

Hi,

On my machines I usually use SSH-key based remote access only.  It
turned out, however, that for a special user, who uses sftp only,
I'd need to allow for passwd-based access.

The user needs no real shell, so I'll use either scponly or rssh,
and expect no big problems here.

However the authentication setup puzzles me.  I imagine I'd need
to tell SSHD to use PAM, then tell PAM to disallow passwd-based
access for everyone, besides this special user.  I looked at
the description of PAM modules on the web, but none of them seemed
to give what I want.

OTOH I am no PAM expert, and I don't think I could be the only
one who needs more sophisticated access control.

Any hints, URLs, good RTFMs are welcome,

				Grzegorz B. Prokopski

PS: A Cc: on reply would be appreciated.  I am not on the list,
but I can check the archives.
-- 
Grzegorz B. Prokopski           <gadek@sablevm.org>
SableVM - Free, LGPL'ed Java VM  http://sablevm.org
Why SableVM ?!?                  http://sablevm.org/wiki/Features
Debian GNU/Linux - the Free OS   http://www.debian.org

Reply to:

Follow-Ups:
- Re: Selective passwd-based access via SSH
  - From: bmarcum@iglou.com (Bill Marcum)
- Re: Selective passwd-based access via SSH
  - From: Alan Chandler <alan@chandlerfamily.org.uk>

Prev by Date: Re: Hard Lockups can't happen (can they?)
Next by Date: Re: Hard Lockups can't happen (can they?)
Previous by thread: Re: problems with svn and apache2
Next by thread: Re: Selective passwd-based access via SSH
Index(es):
- Date
- Thread