This is a discussion on RE: PAM and SSH - openssh
It does not seem to work.
It appears that for sshd, sshusers would have to be their primary group
and it is not.
It also appears that the Allow* directives act like sieves. You have to
pass all of the specified criteria to get in.
This means they would have to be in the right group AND local rather than
OR which is what I need.
Does anyone know how to do this with PAM?
I now have the "remoteusers" group set up so that might make it easier.
From: Darren Tucker [mailto:firstname.lastname@example.org]
Sent: March 16, 2006 4:04 PM
To: Ron Wheeler
Cc: email@example.com; firstname.lastname@example.org
Subject: Re: PAM and SSH
Ron Wheeler wrote:
> I would like to allow ssh access from
> 1) anyone on the 192.168.1.0/24 network
> 2) anyone on a list of users.
An alternative to using pam_listfile (assuming you're using OpenSSH):
Put your chosen few users into a group, say, "sshusers" then put the
following in sshd_config:
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
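
Added example, not part of the original messages: a simplified Python model of the behaviour discussed above, where every Allow* directive that is set must match, shown next to a single AllowUsers line whose patterns are alternatives (USER@HOST patterns are documented in sshd_config(5)). The account names, addresses and the `sshd_allows` helper are constructed for illustration; real sshd also evaluates Deny* directives and uses its own pattern matcher.

```python
from fnmatch import fnmatchcase

def _match_user(pattern, user, host):
    """AllowUsers pattern: USER or USER@HOST, each part a wildcard pattern."""
    if "@" in pattern:
        upat, hpat = pattern.rsplit("@", 1)
        return fnmatchcase(user, upat) and fnmatchcase(host, hpat)
    return fnmatchcase(user, pattern)

def sshd_allows(user, groups, host, allow_users=(), allow_groups=()):
    """Simplified model (assumption: no Deny* directives, host is the client IP).
    Each directive that is set must match (AND); the patterns inside one
    directive are alternatives (OR)."""
    if allow_users and not any(_match_user(p, user, host) for p in allow_users):
        return False
    if allow_groups and not any(
        fnmatchcase(g, p) for g in groups for p in allow_groups
    ):
        return False
    return True

# Two directives, as in the thread: on the LAN *and* in the group.
SIEVE = dict(allow_users=("*@192.168.1.*",), allow_groups=("sshusers",))
# One directive with two alternatives: on the LAN *or* a named user.
COMBINED = dict(allow_users=("*@192.168.1.*", "alice"))

# Constructed test accounts and client addresses.
ALICE = ("alice", {"staff", "sshusers"})
BOB = ("bob", {"staff"})
LAN, OUTSIDE = "192.168.1.57", "203.0.113.9"

if __name__ == "__main__":
    for name, cfg in (("SIEVE", SIEVE), ("COMBINED", COMBINED)):
        for user, groups in (ALICE, BOB):
            for host in (LAN, OUTSIDE):
                verdict = "allow" if sshd_allows(user, groups, host, **cfg) else "deny"
                print(f"{name:8} {user:5} from {host:13} -> {verdict}")
```
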