
Re: openssh-server's default config is dangerous




On Tue, Jul 12, 2016 at 09:31:41AM -0400, Stefan Monnier wrote:

[...]

> Indeed, I just saw those replies.  Didn't know about AllowGroups.
> 
> This said, it doesn't quite address my need: rather than say "only allow
> SSH access to userfoo and userbar", I'd like to do "disallow non-GDM
> access for userfoo and userbar".

That would include the local Linux console?

> The main issue is the difference between SSH and non-GDM: how do I make
> sure non-GDM/non-SSH accesses are also disallowed?
> 
> It's really something that should be addressed in PAM rather than in
> SSH's config.

Sounds about right, if I understood you correctly.

Regards
-- t

