Sign in to follow this  

Restricting Certain Users from using SSH

This topic is 4868 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

I have a computer set up with Red Hat 9 and have sshd all set up and working. I also have a FTP server on the same box, with one account that all FTP users use to gain access to. I've looked around in man files, searched on google etc but (unless I missed something) haven't been able to find a way to restrict a user from using SSH. What I want is to disable the FTP account's ability to login through SSH and change their password or something similarly hideous. Is this even the right way to look at the problem, or is there another way I should be looking at this? Thanks.

Share this post


Link to post
Share on other sites
Quote:
Original post by modena
What I want is to disable the FTP account's ability to login through SSH and change their password or something similarly hideous.
Why did you give the ftp account a password, it should just have just been disabled...

Share this post


Link to post
Share on other sites
More specifically, you can disable a users ability to login by changing the shell that they use to "/sbin/nologin". (IE. open the file "/etc/passwd", find your ftp user account, and change the last field to be "/sbin/nologin").

Share this post


Link to post
Share on other sites
Guest Anonymous Poster
Quote:
Original post by Ranok
More specifically, you can disable a users ability to login by changing the shell that they use to "/sbin/nologin". (IE. open the file "/etc/passwd", find your ftp user account, and change the last field to be "/sbin/nologin").
I'm not sure that's true. Doesn't SSH allow arbitary "shells"? How does rcp and scp work then...

and I'm SURE I've seen SSH sessions that had NO shell, only an X session.

Share this post


Link to post
Share on other sites
Guest Anonymous Poster
Oh yeah, and you diable an account by having a password hash of (usually) just 'x', since that's imposible to get, nobody is ever able to authenticate as that user.

Share this post


Link to post
Share on other sites
Sign in to follow this