Re: openssh-server's default config is dangerous
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, Jul 12, 2016 at 09:31:41AM -0400, Stefan Monnier wrote:
[...]
> Indeed, I just saw those replies. Didn't know about AllowGroups.
>
> This said, it doesn't quite address my need: rather than say "only allow
> SSH access to userfoo and userbar", I'd like to do "disallow non-GDM
> access for userfoo and userbar".
That would include the local Linux console?
> The main issue is the difference between SSH and non-GDM: how do I make
> sure non-GDM/non-SSH accesses are also disallowed?
>
> It's really something that should be addressed in PAM rather than in
> SSH's config.
Sounds about right, if I understood you correctly.
Regards
- -- t
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAleE88IACgkQBcgs9XrR2kbxPwCaAn6VKsXq6cYezuoy/YSKhFbR
HnQAn1MroKdtG4sFsS5PbhZVISxLA7Xn
=zmnI
-----END PGP SIGNATURE-----
Reply to: