LinuxQuestions.org
Old 09-18-2009, 07:49 AM   #1
raju_email@yahoo.com
LQ Newbie
 
Registered: Sep 2009
Posts: 3

Rep: Reputation: 0
Redhat 5 - How to restrict a user to login only from remote machine


Hi,

I have a Red Hat Enterprise Linux 5 machine and a few Windows XP machines in my network. Due to security reasons, I want a few users to log in to the Linux system only from the Windows XP machine. If those users try to log in to the Linux machine from the Linux machine, the login should not be allowed.
 
Old 09-18-2009, 08:10 AM   #2
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 681
Perhaps read through the /etc/security/access.conf for examples of allowing from certain places, or disallowing logins on the local virtual terminals for certain users. Also read man pam_access.

Are these users using putty to log in?
 
Old 09-18-2009, 09:06 AM   #3
ncsuapex
Member
 
Registered: Dec 2004
Location: Raleigh, NC
Distribution: CentOS 2.6.18-53.1.4.el5
Posts: 770

Rep: Reputation: 44
If the XP machine has a static IP, you can use a line in /etc/ssh/sshd_config such as:

AllowUsers username@192.168.1.19 username2@192.168.1.19


Obviously change username to the username you want and the IP to the XP machine's IP. You can have multiple users@ip on the line separated by spaces. Then restart ssh.


This is assuming they are using an ssh client (putty).
 
Old 09-19-2009, 12:08 AM   #4
raju_email@yahoo.com
LQ Newbie
 
Registered: Sep 2009
Posts: 3

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by jschiwal View Post
Perhaps read through the /etc/security/access.conf for examples of allowing from certain places, or disallowing logins on the local virtual terminals for certain users. Also read man pam_access.

Are these users using putty to log in?
I have tried configuring /etc/security/access.conf, but still I cannot see any effect. Do I need to start any service, or is there any setting so that the settings in access.conf are activated?

I am using WinSCP from a Windows XP machine to copy files.
 
Old 09-19-2009, 12:10 AM   #5
raju_email@yahoo.com
LQ Newbie
 
Registered: Sep 2009
Posts: 3

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by ncsuapex View Post
If the XP machine has a static IP, you can use a line in /etc/ssh/sshd_config such as:

AllowUsers username@192.168.1.19 username2@192.168.1.19


Obviously change username to the username you want and the IP to the XP machine's IP. You can have multiple users@ip on the line separated by spaces. Then restart ssh.


This is assuming they are using an ssh client (putty).
I have given the following line in sshd_config.

AllowUsers raju@192.100.101.75 root@192.100.101.8

But still I am able to log in as user raju from 192.100.101.8 (which should be blocked).
 
Old 09-19-2009, 12:11 AM   #6
saifkhan123
Member
 
Registered: Apr 2009
Distribution: Red Hat/CentOS
Posts: 108

Rep: Reputation: 19
restrictions

First of all, tell me what the OpenSSH version on your Red Hat 5 machine is, and whether they use ssh or telnet to log in. If they use ssh, then you can edit your /etc/ssh/sshd_config file as:

Code:
AllowUsers user@ip-address user@ip-address
You can use IP addresses here as well as wildcards. For example, if you define "user@192.168.*.*", this will allow users only from this IP pool; other users, let's say from internal IP addresses 10.0.x.x, will not be allowed. Another approach you can use is to create a group of those users which you want to allow, then you can use

Code:
AllowGroups groupname
Also, if you want to restrict some specific users, you can use

Code:
DenyUsers <username> <username>
and also

Code:
DenyGroups groupname
Hope this will help you. Also, you can refer to the ssh man pages for help.
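
The AllowUsers line quoted earlier in the thread, evaluated the way sshd_config(5) describes USER@HOST entries (an added example, not part of any post). The function name, the sample config and matching on the source address only are assumptions; negated (!) and CIDR patterns are not handled.

```shell
#!/bin/sh
# Constructed sample config; the AllowUsers line is the one quoted in the thread.
SAMPLE_CONFIG='# constructed sample
Port 22
AllowUsers raju@192.100.101.75 root@192.100.101.8
'

# allowusers_permits CONFIG_TEXT USER ADDR   (hypothetical helper)
# Returns 0 if the login is permitted by AllowUsers, 1 if it is refused.
allowusers_permits() {
    cfg=$1 user=$2 addr=$3 seen=0
    set -f                      # keep * and ? in patterns away from filename globbing
    while read -r key rest; do
        # Keywords are case-insensitive; "#AllowUsers" is a comment, not a directive.
        case $(printf '%s' "$key" | tr 'A-Z' 'a-z') in
            allowusers) ;;
            *) continue ;;
        esac
        seen=1                  # several AllowUsers lines add up to one list
        for pat in $rest; do
            case $pat in
                *@*) upat=${pat%%@*} hpat=${pat#*@} ;;   # USER@HOST: both must match
                *)   upat=$pat hpat='*' ;;               # bare USER: any source
            esac
            case $user in $upat) ;; *) continue ;; esac
            case $addr in $hpat) set +f; return 0 ;; esac
        done
    done <<EOF
$cfg
EOF
    set +f
    # With no active AllowUsers line this directive restricts nobody.
    [ "$seen" -eq 0 ]
}

if allowusers_permits "$SAMPLE_CONFIG" raju 192.100.101.8; then
    echo "raju from 192.100.101.8: permitted"
else
    echo "raju from 192.100.101.8: refused"
fi
```

If the running sshd still admits a login that this evaluation refuses, the daemon is not using that line: it was not restarted, it reads another file, or the line is commented out.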
 
Old 09-20-2009, 08:43 AM   #7
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 681
The information on ssh is contained in a number of manpages. ssh, sshd_config, ssh_config & sshd. You may not have restarted the ssh server after modifying /etc/ssh/sshd_config. Also look at the parameters that the sshd service used. Does it use a different config file than the default?

For example:
Code:
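# Show the command line of the listening sshd. pgrep -o picks the oldest sshd
# process, so this still works while ssh sessions (extra sshd PIDs) are open.
cat /proc/$(pgrep -o -x sshd)/cmdline | tr '\0' ' ' && echo
# Example output:
# /usr/sbin/sshd -o PidFile=/var/run/sshd.init.pid

# or

ps  -f -C sshd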
Posting your /etc/ssh/sshd_config configuration might help. Also the contents of /etc/pam.d/ssh as well.
Post the output of "chkconfig sshd" and "ls /etc/xinetd.d/"

Last edited by jschiwal; 09-20-2009 at 08:46 AM.
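
On the earlier report that /etc/security/access.conf had no effect: the file is only read when pam_access.so is loaded in the PAM stack of the service being used, and sshd only consults PAM when UsePAM is yes. The check below is an added example, not part of the thread; the function names, the service name sshd and all file contents are constructed assumptions.

```shell
#!/bin/sh
# pam_access_enabled PAM_DIR SERVICE   (hypothetical helper)
# True when the service's PAM stack loads pam_access.so, either directly or
# through an "include"/"substack" line. Commented-out lines do not count.
pam_access_enabled() {
    dir=$1
    [ -r "$dir/$2" ] || return 1
    grep -Eq '^[[:space:]]*-?(auth|account|password|session)[[:space:]].*pam_access\.so' \
        "$dir/$2" && return 0
    for inc in $(awk '$1 !~ /^#/ && ($2 == "include" || $2 == "substack") { print $3 }' \
                 "$dir/$2" | sort -u); do
        pam_access_enabled "$dir" "$inc" && return 0
    done
    return 1
}

# sshd_uses_pam SSHD_CONFIG   (hypothetical helper)
# True when the first UsePAM line in the file says yes.
sshd_uses_pam() {
    val=$(awk 'tolower($1) == "usepam" { print tolower($2); exit }' "$1")
    [ "$val" = "yes" ]
}

# Build a constructed /etc-like tree in a temp dir and print its path.
# Here pam_access.so is commented out for sshd and absent from system-auth.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/pam.d" "$d/ssh"
    printf '%s\n' 'auth       include      system-auth' \
                  '#account   required     pam_access.so' \
                  'account    include      system-auth' > "$d/pam.d/sshd"
    printf '%s\n' 'auth       required     pam_unix.so' \
                  'account    required     pam_unix.so' > "$d/pam.d/system-auth"
    printf '%s\n' 'Protocol 2' 'UsePAM yes' > "$d/ssh/sshd_config"
    echo "$d"
}

sample=$(make_sample)
if sshd_uses_pam "$sample/ssh/sshd_config" && pam_access_enabled "$sample/pam.d" sshd; then
    echo "access.conf is consulted for ssh logins"
else
    echo "access.conf is ignored for ssh logins"
fi
rm -rf "$sample"
```

On a real host, point the two functions at /etc/pam.d and /etc/ssh/sshd_config; local console logins go through a different PAM service file and need the same check there.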