|
disable login over internet
is possible to diable login for one user over internet remotly.... so he could login only at the console?
|
Eh? What are you trying to do? Do you have one specific user that you don't want to access the machine by ssh, but still allow him/her access to the machine locally?
|
yes, he could login at the console.
|
well HOW are they logging in over the internet?? some useful information really wouldn't go amiss... are they using.. ssh, telnet, telnet-ssl, ftp, smb...?
since thymox mentioned ssh, you can restrict ssh logins with a line like denyusers that_user in sshd_config, or maybe a broader restriction in /etc/security/access.conf: -:that_user:ALL EXCEPT LOCAL |
Also if your distro supports PAM and if your service does too have a look at this.
Look at the security enforcing rules in /etc/security and /etc/usertty. Another way is a module called pam_listfile.so, for instance: add the line to the service you want to deny access for: "auth required /lib/security/pam_listfile.so item=user sense=allow file=/etc/pam.d/users.deny onerr=fail" (w/o quotes). Now touch and chmod 0600 the /etc/pam.d/users.deny and add the name of the user to it. |
the easies way is to comment the vc/1 - vc/x out in the file securetty (/etc)
sorry i can`t ensure that it will work, i never try it out... |
| All times are GMT -5. The time now is 06:09 PM. |