LinuxQuestions.org
Old 08-23-2006, 08:22 PM   #1
sunhui
Member
 
Registered: Jan 2006
Location: taiwan
Posts: 156

Rep: Reputation: 30
Login Authentication


I have three servers, 192.168.0.1, 192.168.0.2 and 192.168.0.3,
and have already set up OpenLDAP authentication, with 192.168.0.1 as
the master LDAP server. Users can now authenticate via LDAP and
then access the servers. However, some users should not be allowed to
log in to 192.168.0.2, but at present they can log in to this server via LDAP because
the LDAP server accepts the authentication. For example, when a user runs
'ssh 192.168.0.2', LDAP accepts the authentication and then allows the
user to log in to this server. Can you advise how to prevent unauthorized
users from accessing 192.168.0.2? Thanks.
 
Old 08-23-2006, 09:37 PM   #2
KenJackson
Member
 
Registered: Jul 2006
Location: Maryland, USA
Distribution: Fedora, Arch
Posts: 572

Rep: Reputation: 64
The SSH daemon on 192.168.0.2 can have an itemized list of either users or groups that are either allowed or denied access in the /etc/ssh/sshd_config file. See 'man sshd_config'.

For example:
Code:
AllowUsers fred steve slim
DenyUsers cracker sloppy

AllowGroups engineer science
DenyGroups account* manage*
Note that you could create a new supplemental group for this purpose and only put authorized users in that group. Then you could add users to the group and remove them as the needs change.
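
Added example, not part of the reply above and not OpenSSH's own code: a shell model of how sshd combines the four directives shown in that reply. A login must pass every check, in the order DenyUsers, AllowUsers, DenyGroups, AllowGroups, so with all four lines in one file a user listed in AllowUsers is still refused unless one of their groups matches AllowGroups. The function names and the sample users' group memberships are constructed for illustration, and only `*` and `?` wildcards are modelled.

```shell
#!/bin/sh
# Added example (not from the thread): models how sshd combines its four lists.
# Assumptions: patterns use only * and ? wildcards; USER@HOST entries and
# Match blocks are not handled.

matches_any() {                 # matches_any NAME "PATTERN LIST"
    name=$1
    set -f                      # word-split the list without filename expansion
    for pat in $2; do
        case $name in $pat) set +f; return 0 ;; esac
    done
    set +f
    return 1
}

any_group_matches() {           # any_group_matches "GROUP LIST" "PATTERN LIST"
    for g in $1; do
        matches_any "$g" "$2" && return 0
    done
    return 1
}

directive_values() {            # directive_values KEYWORD FILE
    awk -v k="$1" 'tolower($1) == tolower(k) { for (i = 2; i <= NF; i++) printf "%s ", $i }' "$2"
}

# Prints "allow" or "deny: <reason>". Every check must pass, in sshd's order:
# DenyUsers, AllowUsers, DenyGroups, AllowGroups.
ssh_access_decision() {         # ssh_access_decision FILE USER "GROUPS OF USER"
    cfg=$1; user=$2; ugroups=$3
    deny_u=$(directive_values DenyUsers "$cfg");  allow_u=$(directive_values AllowUsers "$cfg")
    deny_g=$(directive_values DenyGroups "$cfg"); allow_g=$(directive_values AllowGroups "$cfg")
    if matches_any "$user" "$deny_u"; then echo "deny: DenyUsers"; return; fi
    if [ -n "$allow_u" ] && ! matches_any "$user" "$allow_u"; then echo "deny: not in AllowUsers"; return; fi
    if any_group_matches "$ugroups" "$deny_g"; then echo "deny: DenyGroups"; return; fi
    if [ -n "$allow_g" ] && ! any_group_matches "$ugroups" "$allow_g"; then echo "deny: not in AllowGroups"; return; fi
    echo "allow"
}

# Constructed sample: the four directives from the reply above, in one file.
sample_cfg=$(mktemp)
trap 'rm -f "$sample_cfg"' EXIT
cat > "$sample_cfg" <<'EOF'
AllowUsers fred steve slim
DenyUsers cracker sloppy
AllowGroups engineer science
DenyGroups account* manage*
EOF

for case_line in "fred:engineer" "fred:users" "steve:science accounting" "cracker:engineer"; do
    printf '%-28s %s\n' "$case_line" "$(ssh_access_decision "$sample_cfg" "${case_line%%:*}" "${case_line#*:}")"
done
```

For the setup in this thread, a file on 192.168.0.2 containing only an AllowGroups line for a dedicated group gives the same model a single check to pass.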
 
Old 08-24-2006, 03:02 AM   #3
sunhui
Member
 
Registered: Jan 2006
Location: taiwan
Posts: 156

Original Poster
Rep: Reputation: 30
Thanks for the reply.
How about telnet instead of ssh? How do I do what you said? Thanks in advance.
 
Old 08-24-2006, 05:25 AM   #4
KenJackson
Member
 
Registered: Jul 2006
Location: Maryland, USA
Distribution: Fedora, Arch
Posts: 572

Rep: Reputation: 64
To control logins via telnet, I believe you would have to use PAM, by creating or modifying a file, probably /etc/pam.d/telnetd, with some rules in it. I don't know enough to give instructions. See 'man pam'.

Also note that, at least on my Mandriva system, the file /etc/pam.d/sshd references a list of banned users, /etc/ssh/denyusers, so you could also use PAM to control SSH access. In fact, that's probably the preferred method.
 