How to restrict console login

Richard Riley rriley at ariba.com
Tue Mar 25 20:29:03 UTC 2008


Joseph's response to modify /etc/security/access.conf is the best.  You
would have an entry similar to the following.  

   -:ALL EXCEPT root:tty1 tty2 tty3 tty4 tty5 tty6

The "tty" ports are associated with console access.  You may have more
or less on your machine.  Run "ps -ef |grep tty" to find out exactly
what you have.

Be sure you test before putting in production - i.e. login via ssh
(should be a "pts" port), su to root, make change, maintain this
connection, and check console access.  Also check another ssh
connection.  If it works as expected, you should be OK.  The first ssh
session is to ensure you have a session from which you can back out the
change if new console access fails.

Richard Riley
Ariba, Inc.

 

> >-----Original Message-----
> >From: redhat-sysadmin-list-bounces at redhat.com 
> >[mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf 
> >Of Hearn, Stan J.
> >Sent: Tuesday, March 25, 2008 3:00 PM
> >To: redhat-sysadmin-list at redhat.com
> >Subject: RE: How to restrict console login
> >
> >You mentioned console access in your first email.  This will 
> >limit ssh access.  Console access means sitting down at the 
> >system and logging in.
> >I think that is different.  I believe the suggestion by 
> >David would limit console access.
> >
> >Stan
> > 
> >
> >-----Original Message-----
> >From: redhat-sysadmin-list-bounces at redhat.com
> >[mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf 
> >Of David Nguyen
> >Sent: Tuesday, March 25, 2008 2:49 PM
> >To: redhat-sysadmin-list at redhat.com
> >Subject: RE: How to restrict console login
> >
> >Joseph,
> >
> >I had tried that but it did not work.  Finally, I found an article 
> >in The Secure Shell - The Definitive Guide from O'Reilly 
> >that shows how to do this... just simply add the following entry into 
> >/etc/sshd_config.
> >Stop/start sshd daemon.
> >
> >DenyUsers  <account id>
> >
> >Thanks for all your help, guys.
> >
> >David
> >
> >>>> jolt at ti.com 03/25/08 1:30 PM >>>
> >David,
> >
> >Have a look at /etc/security/access.conf.  You can restrict 
> >logon access there, but su should still work.  Otherwise, 
> >you could setup sudo.
> >
> >Regards,
> >
> >Joseph
> >
> >-----Original Message-----
> >From: redhat-sysadmin-list-bounces at redhat.com
> >[mailto:redhat-sysadmin-list-bounces at redhat.com] On Behalf 
> >Of David Nguyen
> >Sent: Tuesday, March 25, 2008 2:04 PM
> >To: redhat-sysadmin-list at redhat.com
> >Subject: How to restrict console login
> >
> >Hi,
> >
> >How do I restrict a user from logging in directly from the console but 
> >still allow others to use su to switch account to this user? 
> > I'm talking about a regular account, not the root account.
> >
> >Thanks,
> >David
> >
> >
> >--
> >redhat-sysadmin-list mailing list
> >redhat-sysadmin-list at redhat.com
> >https://www.redhat.com/mailman/listinfo/redhat-sysadmin-list 
> >
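
As an added example (not part of the original thread and not pam_access's own code), here is a simplified Python model of how access.conf rules of the form discussed above are evaluated, so a rule can be checked against user/terminal pairs before the live file is edited. The account names alice and appuser and the origin pts/0 are constructed sample values; only literal names, ALL and EXCEPT are modelled.

```python
# Simplified model of access.conf evaluation (assumption: no groups,
# netgroups, hosts, networks or LOCAL; only literal names, ALL and EXCEPT).
# Rules only take effect for services whose PAM stack calls pam_access.so.

def parse_rules(text):
    """Return [(perm, users, origins)]; raise ValueError on a malformed line."""
    rules = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        # Every rule needs exactly three fields: permission:users:origins
        if len(fields) != 3 or fields[0] not in ("+", "-") or not all(fields[1:]):
            raise ValueError(f"line {n}: expected perm:users:origins: {raw!r}")
        rules.append((fields[0], fields[1].split(), fields[2].split()))
    return rules

def list_match(tokens, item):
    """True if item matches the list, honouring 'A B EXCEPT C D'."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        head, rest = tokens[:i], tokens[i + 1:]
    else:
        head, rest = tokens, None
    hit = any(t in ("ALL", item) for t in head)
    return hit and (rest is None or not list_match(rest, item))

def allowed(rules, user, origin):
    """First matching rule decides; with no matching rule, access is granted."""
    for perm, users, origins in rules:
        if list_match(users, user) and list_match(origins, origin):
            return perm == "+"
    return True

CONSOLES = "tty1 tty2 tty3 tty4 tty5 tty6"
# Everyone except root is refused on the console ttys.
ROOT_ONLY = f"-:ALL EXCEPT root:{CONSOLES}\n"
# One regular account (constructed name) is refused on the console ttys.
ONE_ACCOUNT = f"# constructed sample\n-:appuser:{CONSOLES}\n"

if __name__ == "__main__":
    for label, conf in (("ROOT_ONLY", ROOT_ONLY), ("ONE_ACCOUNT", ONE_ACCOUNT)):
        rules = parse_rules(conf)
        for user in ("root", "alice", "appuser"):
            for origin in ("tty1", "pts/0"):
                verdict = "allow" if allowed(rules, user, origin) else "deny"
                print(f"{label:12} {user:8} {origin:6} {verdict}")
```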