- Modify /etc/security/access.conf and add the following line, including its leading "-", at the bottom of the file:
  - - :User1:ALL EXCEPT server1.example.com server1 server2.example.com LOCAL
- Verify that these settings are present in /etc/ssh/sshd_config:
  - UsePAM yes
  - PasswordAuthentication yes
  - ChallengeResponseAuthentication no
- Verify or modify /etc/ssh/sshd_config and remove tomcat from DenyUsers if listed:
  - DenyUsers UserX UserY UserZ
- NOTE: Only the sshd file in pam.d needs to be modified.
- Modify /etc/pam.d/login and add this line before the account system-auth line:
  - account required pam_access.so
- Modify /etc/pam.d/sshd and add this line before “account include password-auth”:
  - account required pam_access.so
- Restart sshd:
  - service sshd restart
- Set a temporary password for user1:
  - # passwd user1
- Test login from server1 and server2. You should be able to log in with the password.
  - [user1@server1 ~]$ ssh user1@server2
- Test login from some other Linux box. This should fail.
  - [serverX@web]$ ssh user1@server1
  - Kernel \r on an \m
  - user1@server2 password:
  - Connection closed by server
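
A read-only check of the files edited in the steps above, as an added example that is not part of the original post. The function names and the `ROOT` prefix argument (empty for the live system, or the path to a copy of /etc's parent) are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: read-only audit of the files this procedure edits.
# ROOT prefix ("" = live system) is an assumption so a copy can be checked.

sshd_value() {        # $1=sshd_config $2=keyword; sshd keeps the FIRST occurrence
  awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

in_denyusers() {      # $1=sshd_config $2=user; exact names only, no patterns
  awk -v u="$2" 'tolower($1) == "denyusers" {
                   for (i = 2; i <= NF; i++) if ($i == u) f = 1 }
                 END { exit !f }' "$1"
}

pam_access_before() { # $1=pam file $2=regex of the account line it must precede
  awk -v stop="$2" '$1 == "account" && /pam_access\.so/ { seen = 1 }
                    $1 == "account" && $0 ~ stop { exit }
                    END { exit !seen }' "$1"
}

access_rule() {       # $1=access.conf $2=user; prints "perm:origins" of first rule
  awk -F: -v u="$2" '/^[ \t]*#/ { next }
    NF >= 3 { gsub(/[ \t]/, "", $1); n = split($2, names, " ")
              # compared case-insensitively so "User1" is found for user1
              for (i = 1; i <= n; i++) if (tolower(names[i]) == tolower(u)) {
                print $1 ":" $3; exit } }' "$1"
}

audit() {             # $1=ROOT $2=user; returns 0 only if every check passes
  rc=0; s="$1/etc/ssh/sshd_config"
  fail() { echo "FAIL: $*"; rc=1; }
  [ "$(sshd_value "$s" UsePAM)" = yes ] || fail "UsePAM is not yes"
  [ "$(sshd_value "$s" PasswordAuthentication)" = yes ] ||
    fail "PasswordAuthentication is not yes"
  [ "$(sshd_value "$s" ChallengeResponseAuthentication)" = no ] ||
    fail "ChallengeResponseAuthentication is not no"
  if in_denyusers "$s" "$2"; then fail "$2 is listed in DenyUsers"; fi
  pam_access_before "$1/etc/pam.d/sshd" 'include[ \t]+password-auth' ||
    fail "pam_access.so is not before 'account include password-auth'"
  case "$(access_rule "$1/etc/security/access.conf" "$2")" in
    "-:"*EXCEPT*) ;;
    *) fail "no '- : $2 : ALL EXCEPT ...' rule in access.conf" ;;
  esac
  return $rc
}

# Usage: sh audit.sh "" user1   (audit.sh is a placeholder file name)
if [ $# -eq 2 ]; then audit "$1" "$2"; fi
```

The audit only confirms the files match the procedure; the login tests from an allowed and a disallowed host are still what prove the rule is enforced.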
Tuesday, March 22, 2016
How to Restrict ssh Access
How to Restrict SSH Access for User1
Labels: Linux, Red Hat, Red Hat Enterprise Linux 7, ssh