08-23-2006, 09:22 PM   #1
Member (Registered: Jan 2006; Location: taiwan; Posts: 156)
Login Authentication
I have three servers, which are 192.168.0.1, 192.168.0.2 and 192.168.0.3,
and have already set up OpenLDAP authentication, with 192.168.0.1 as
the master LDAP server. Users can now authenticate via LDAP and
then access the servers. However, some users should not be allowed to
log in to 192.168.0.2, but at the moment they can log in to this server,
because the LDAP server accepts the authentication. For example, when a user runs
'ssh 192.168.0.2', LDAP accepts the authentication and allows the
user to log in to this server. Can you advise how to prevent unauthorized
users from accessing 192.168.0.2? Thanks.

08-23-2006, 10:37 PM   #2
Member (Registered: Jul 2006; Location: Maryland, USA; Distribution: Fedora and others; Posts: 757)
The SSH daemon on 192.168.0.2 can have an itemized list of either users or groups that are either allowed or denied access in the /etc/ssh/sshd_config file. See 'man sshd_config'.
For example:
Code:
AllowUsers fred steve slim
DenyUsers cracker sloppy
AllowGroups engineer science
DenyGroups account* manage*
Note that you could create a new supplemental group for this purpose and only put authorized users in that group. Then you could add users to the group and remove them as the needs change.
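
Added example, not part of the post above: a small Python model of the order in which sshd applies these four directives (DenyUsers, AllowUsers, DenyGroups, AllowGroups), showing that with all four set a user must pass both the user list and the group list. The accounts are constructed samples, and `host2-login` is a hypothetical name for the supplemental group suggested above.

```python
import re

# Constructed sample: the four directives from the post above.
POST_CONFIG = """
AllowUsers fred steve slim
DenyUsers cracker sloppy
AllowGroups engineer science
DenyGroups account* manage*
"""
# Constructed sample: group-only policy; "host2-login" is a hypothetical group name.
GROUP_ONLY_CONFIG = "AllowGroups host2-login\n"

KEYS = ("denyusers", "allowusers", "denygroups", "allowgroups")

def parse_access(text):
    """Collect the four access directives (keywords are case-insensitive)."""
    rules = {k: [] for k in KEYS}
    for line in text.splitlines():
        words = line.split()
        if words and not words[0].startswith("#") and words[0].lower() in rules:
            rules[words[0].lower()].extend(words[1:])
    return rules

def matches(name, patterns):
    """Only the '*' and '?' wildcards are modelled (no USER@HOST, no '!' negation)."""
    for pat in patterns:
        rx = re.escape(pat).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(rx, name):
            return True
    return False

def login_allowed(user, groups, rules):
    """Return (allowed, deciding_directive) using sshd's documented check order."""
    if matches(user, rules["denyusers"]):
        return False, "DenyUsers"
    if rules["allowusers"] and not matches(user, rules["allowusers"]):
        return False, "AllowUsers"
    if any(matches(g, rules["denygroups"]) for g in groups):
        return False, "DenyGroups"
    if rules["allowgroups"] and not any(matches(g, rules["allowgroups"]) for g in groups):
        return False, "AllowGroups"
    return True, None

if __name__ == "__main__":
    rules = parse_access(POST_CONFIG)
    # Constructed accounts: (user, primary and supplementary groups)
    for user, groups in [("fred", ["fred", "engineer"]), ("steve", ["steve", "sales"]),
                         ("slim", ["science", "management"]), ("bob", ["engineer"])]:
        print(user, login_allowed(user, groups, rules))
```

After changing the real /etc/ssh/sshd_config, `sshd -t` checks the file for syntax errors before the daemon is restarted.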

08-24-2006, 04:02 AM   #3
Member, Original Poster (Registered: Jan 2006; Location: taiwan; Posts: 156)
Quote:
Originally Posted by KenJackson
The SSH daemon on 192.168.0.2 can have an itemized list of either users or groups that are either allowed or denied access in the /etc/ssh/sshd_config file. See 'man sshd_config'.
For example:
Code:
AllowUsers fred steve slim
DenyUsers cracker sloppy
AllowGroups engineer science
DenyGroups account* manage*
Note that you could create a new supplemental group for this purpose and only put authorized users in that group. Then you could add users to the group and remove them as the needs change.

Thanks for the reply.
How about telnet instead of ssh? How do I do what you said? Thanks in advance.

08-24-2006, 06:25 AM   #4
Member (Registered: Jul 2006; Location: Maryland, USA; Distribution: Fedora and others; Posts: 757)
To control logins via telnet, I believe you would have to use PAM, by creating or modifying a file, probably /etc/pam.d/telnetd, with some rules in it. I don't know enough to give instructions. See 'man pam'.
Also note that, at least on my Mandriva system, the file /etc/pam.d/sshd references a list of banned users, /etc/ssh/denyusers, so you could also use PAM to control SSH access. In fact, that's probably the preferred method.

All times are GMT -5.