
Re: Turning off shell access



On Tue, Mar 14, 2006 at 08:32:06PM +0000, Arnór Kristjánsson wrote:
> How can I turn off shell access (through SSH) for certain users?

If you want to disable all shell access (including local) then set the
user's login shell to something not in /etc/shells (/bin/false is a good
choice).

If you want to disable ssh access but allow all other access (including
telnet, xdm, etc., if you have them enabled!) then you can edit
/etc/pam.d/ssh to invoke the list-file module, documented in [1] in
the libpam-doc package.  This will allow you to specify either a
whitelist or a blacklist of users (or both).  You might want to create
a /etc/pam.d/common-netsession-blacklist which invokes this, then have
ssh, xdm, etc., merely include it.

[1] file:///usr/share/doc/libpam-doc/html/pam-6.html#ss6.13
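An added example, not part of the original message: a small audit script for checking the result of either approach described in the reply. It reports which accounts have a login shell missing from a shells file and what a one-name-per-line user list decides for a given user. The function names, the `ssh-denied` file name and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example; sample files below are constructed, not taken from a real host.

# Users whose login shell (passwd field 7) is not listed in the shells file.
# An empty shell field is treated as /bin/sh, as login programs do.
# $1 = passwd-format file, $2 = shells-format file
users_without_listed_shell() {
    awk -F: '
        FILENAME == ARGV[1] {                 # first file: valid shells
            sub(/#.*/, ""); gsub(/[ \t]/, "")
            if ($0 != "") ok[$0] = 1
            next
        }
        /^#/ || NF < 7 { next }               # skip comments and malformed lines
        { sh = ($7 == "" ? "/bin/sh" : $7); if (!(sh in ok)) print $1 }
    ' "$2" "$1"
}

# Decision a user-name list gives for one user (one name per line, exact match),
# modelling pam_listfile with item=user and sense=allow|deny.
# $1 = user, $2 = list file, $3 = sense (allow = whitelist, deny = blacklist)
listfile_decision() {
    [ -r "$2" ] || { echo "unreadable-list"; return 0; }
    if grep -Fxq -- "$1" "$2"; then listed=1; else listed=0; fi
    case "$3:$listed" in
        deny:1|allow:0) echo "denied" ;;
        deny:0|allow:1) echo "permitted" ;;
        *)              echo "bad-sense" ;;
    esac
}

# Write constructed sample files into directory $1.
make_sample() {
    printf '%s\n' '# /etc/shells' /bin/sh /bin/bash > "$1/shells"
    printf '%s\n' \
        'alice:x:1000:1000:Alice:/home/alice:/bin/bash' \
        'ftpuser:x:1001:1001::/srv/ftp:/bin/false' \
        'bob:x:1002:1002:Bob:/home/bob:' > "$1/passwd"
    printf '%s\n' bob > "$1/ssh-denied"
}

dir=$(mktemp -d) && make_sample "$dir"
echo "no shell login: $(users_without_listed_shell "$dir/passwd" "$dir/shells")"
for u in alice bob; do
    echo "ssh for $u: $(listfile_decision "$u" "$dir/ssh-denied" deny)"
done
rm -rf "$dir"
```

On a real system, pass `/etc/passwd` and `/etc/shells` to the first function and the list file named in your PAM configuration to the second.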


