Author: Boris Language: text
Description: SSH accounts (v2) Timestamp: 2014-09-08 20:11:07 +0000
View raw paste Parent paste by: Sean Reply
  1. Is it possible to create a user, allankris, that can only login via su
  2. - allankris but not via ssh?
  3. I know you can set /usr/sbin/nologin but the su - allankris indicates
  4. the account is not available.
  5.  
  6. The reason is to create a test user account without the need to have
  7. yet another password to keep track of and for the password to rotate,
  8. etc.
  9.  
  10.  
  11. There are parameters AllowUsers and AllowGroups in sshd_config.
  12. Using AllowUsers requires to specify *all* users allowed to use ssh. You will need to add any new ssh user there as you create them.
  13. Using AllowGroups is easier. You add users allowed to ssh in to some group (sshusers for example). This can be included into user creation.
  14. You would still need some reasonably complex password, because other users could su to that test account if they know the password.
View raw paste Parent paste by: Sean Reply