Re: disable telnet/ssh access by user

[Thornton Prime <thornton cnation com>]

On Sat, 30 Sep 2000, Dusty deBoer wrote:

> I have two user accounts set up on my home workstation (RH 6.1), say "guest" and
> "realuser". I want to set the guest account password to a simple password, so I
> can allow guests to use my workstation (X windows, other stuff) at the
> workstation. I want to keep telnet access open to "realuser" from the outside
> world, but I want to disable telnet access for "guest" since it will have an
> easy password. (In other words, only allow "guest" logins from the console.)
> 
> Any ideas on how to do this? A bonus if you can tell me how to set this up for
> ssh also (disable ssh access for guest from the outside world).

There are a number of different ways to do this through PAM.

The easiest is probably to use pam_wheel and create a group for all the
people who are allowed to login via telnet (or ssh). You then just add the
line 'auth       required     /lib/security/pam_wheel.so group=remoteok'
to your telnet and ssh PAM files and only members of the 'remoteok' group
can use those services.

You could also use the pam_access or pam_listfile modules. I'm sure other
PAM modules could be used to achieve the desired goal. PAM is fun.

thornton