Login Authentication
I have three servers, 192.168.0.1, 192.168.0.2 and 192.168.0.3,
and have already set up OpenLDAP authentication, with 192.168.0.1 as the master LDAP server. Users can now authenticate via LDAP and then access the servers. However, some users should not be allowed to log in to 192.168.0.2, but at present they can log in to this server via LDAP because the LDAP server accepts the authentication. For example, when a user runs 'ssh 192.168.0.2', LDAP accepts the authentication and then allows the user to log in to this server. Can you advise how to prevent unauthorized users from accessing 192.168.0.2? Thx.
The SSH daemon on 192.168.0.2 can have an itemized list of either users or groups that are either allowed or denied access in the /etc/ssh/sshd_config file. See 'man sshd_config'.
For example:
Code:
AllowUsers fred steve slim
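How the AllowUsers line above interacts with the other allow/deny directives the answer mentions, as an added example that is not part of the original post: a small Python audit helper that reads sshd_config text and applies the directives in the order given in sshd_config(5), going slightly beyond the single line shown. The sample config, the user bob and the group names are constructed; it assumes plain name patterns (no USER@HOST, no negation) and no Match blocks.

```python
import re

# Constructed sample sshd_config for 192.168.0.2 (only the AllowUsers line is
# from the thread); assumes no Match blocks.
SAMPLE_CONFIG = """\
# restrict LDAP-authenticated logins on this host
AllowUsers fred steve slim
DenyUsers slim
AllowGroups admins ops-*
"""

DIRECTIVES = ("denyusers", "allowusers", "denygroups", "allowgroups")

def parse_access_lists(config_text):
    """Collect the patterns of the four access directives (keywords are case-insensitive)."""
    lists = {name: [] for name in DIRECTIVES}
    for line in config_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[0].lower() in lists:
            lists[fields[0].lower()].extend(fields[1:])
    return lists

def _matches(patterns, names):
    """True if any name matches any pattern; '*' and '?' are the only wildcards."""
    for pattern in patterns:
        regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
        if any(re.fullmatch(regex, name) for name in names):
            return True
    return False

def login_allowed(lists, user, groups):
    """Apply the directives in sshd's order: DenyUsers, AllowUsers, DenyGroups, AllowGroups."""
    if _matches(lists["denyusers"], [user]):
        return False
    if lists["allowusers"] and not _matches(lists["allowusers"], [user]):
        return False
    if _matches(lists["denygroups"], groups):
        return False
    if lists["allowgroups"] and not _matches(lists["allowgroups"], groups):
        return False
    return True

if __name__ == "__main__":
    acl = parse_access_lists(SAMPLE_CONFIG)
    # Constructed LDAP users and their group memberships.
    for user, groups in [("fred", ["admins"]), ("steve", ["staff"]),
                         ("slim", ["admins"]), ("bob", ["ops-eu"])]:
        print(user, "allowed" if login_allowed(acl, user, groups) else "denied")
```

A user who authenticates successfully against LDAP is still refused by sshd when this check returns False, because the lists are evaluated on the host being logged in to.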
Quote:
How about telnet instead of ssh? How do I do what you said? Thx in advance.
To control logins via telnet, I believe you would have to use PAM, by creating or modifying a file, probably /etc/pam.d/telnetd, with some rules in it. I don't know enough to give instructions. See 'man pam'.
Also note that, at least on my Mandriva system, the file /etc/pam.d/sshd references a list of banned users, /etc/ssh/denyusers, so you could also use PAM to control SSH access. In fact, that's probably the preferred method.