How can I restrict who can login with ssh? (SCO Unix)

We often have systems that have run for years with no connection to the outside world, and now suddenly an Internet connection is added and ssh access is set up. Unfortunately, many users have weak or even blank passwords.

If only some users need to use ssh, it's best to set up new users with strong passwords and restrict ssh to only those users.

You do this by adding a line like this to /etc/ssh/sshd_config

 AllowUsers      doug essex 
 

Restart sshd after making this change (you can even do that if you are currently logged in over ssh). Only those users will be allowd ssh access.

Dave DiPietro noted: SCO versions may put the sshd configuration file at /usr/local/etc/sshd_config.


Got something to add? Send me email.





(OLDER) <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

->
-> (SCO Unix) How can I restrict who can login with ssh?

6 comments



Increase ad revenue 50-250% with Ezoic








Fri Sep 26 09:30:53 2008: 4606   JW


Just what I needed and works great, thanks!



Sun Mar 8 22:22:12 2009: 5633   anonymous

gravatar
Can I put the list of valid users into an external file, then have sshd_config source that file?






Sun Mar 8 23:33:22 2009: 5634   TonyLawrence

gravatar
I'm not aware of any version that has inclusion features - it certainly would be a good idea. ALL config files should do that..



Tue Jul 7 07:57:34 2009: 6617   anonymous

gravatar
Really Gud But I have one doubt about this.
Can we add this parameter to any where in to this file /etc/ssh/sshd_config or
do we have any specific line to add this entry.
Please let us know.



Tue Jul 7 10:24:51 2009: 6618   TonyLawrence

gravatar
You can put the line anywhere. Usually you'd put it down with other login related lines just for neatness.



Sun Jun 27 12:28:26 2010: 8748   anonymous

gravatar


For production systems, remove every user. Maintenance should be done by dialogs. This reduces human error. Ofcourse the dialogs must be developed on a test system. We made segregation of duty work and all without shell access. If systems fail you can finally, start a shell via a dialog or log on with root on the console.
There must be more tools, but we used FJD (FastJournaledDialog.nl).

Greetings Freddy




------------------------
Kerio Connect Mailserver

Kerio Samepage

Kerio Control Firewall

Have you tried Searching this site?

Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us