Red Hat Knowledgebase

Article Reference

Article ID: 12557
Last update: 04-07-08
Issue:
How do I configure PAM to allow only particular users to log in via sshd?
Resolution:

Release Found: Red Hat Enterprise Linux 5

The PAM module pam_listfile.so can be used for this restriction.

First, create the file that lists the allowed users, one username per line. Assuming the file is named /etc/sshd_userlist, put the allowed usernames in it:

redhat
root
user1

Then set the file's permissions to 600 and its ownership to root:

chmod 600 /etc/sshd_userlist
chown root /etc/sshd_userlist

Next, edit /etc/pam.d/sshd and add the following line at the top of the auth section:

auth required pam_listfile.so item=user sense=allow file=/etc/sshd_userlist onerr=succeed

Now only redhat, root, and user1 are allowed by PAM to log in via sshd.

When a user who is not in /etc/sshd_userlist attempts to log in via sshd, the system may log a message like the following:

Jan 25 14:23:47 dhcp-0-092 sshd[828]: pam_listfile(sshd:auth): Refused user alice for service sshd

Refer to /usr/share/doc/pam-version-[version]/txts/README.pam_listfile for details of pam_listfile.so.
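
A check for the setup above, written as an added example (not part of the Red Hat article): the function name check_sshd_allowlist and its arguments are hypothetical, and it assumes GNU stat. It also warns on onerr=succeed, because that option tells pam_listfile to return success when it cannot open the list file.

```shell
# check_sshd_allowlist PAM_FILE [OWNER_UID]   (hypothetical helper, not from the article)
# Prints findings; returns 0 when no FAIL was found. OWNER_UID defaults to 0 (root).
check_sshd_allowlist() {
    pam_file=$1; want_uid=${2:-0}; rc=0

    # First active "auth" line of the PAM service file (comment lines never match).
    first_auth=$(awk '$1 == "auth" { print; exit }' "$pam_file")
    case $first_auth in
        *pam_listfile.so*) ;;
        *) echo "FAIL: pam_listfile.so is not the first auth line"; return 1 ;;
    esac

    # Pull the module arguments out of that line.
    list_file=; onerr=; sense=
    for arg in $first_auth; do
        case $arg in
            file=*)  list_file=${arg#file=} ;;
            onerr=*) onerr=${arg#onerr=} ;;
            sense=*) sense=${arg#sense=} ;;
        esac
    done
    [ "$sense" = allow ] || { echo "FAIL: sense=$sense, expected allow"; rc=1; }

    # onerr=succeed makes the module pass when the list cannot be opened.
    [ "$onerr" != succeed ] ||
        echo "WARN: onerr=succeed, the allow-list is skipped if $list_file cannot be opened"

    if [ ! -f "$list_file" ]; then
        echo "FAIL: list file '$list_file' is missing"; return 1
    fi

    # Mode and owner from the chmod/chown step (GNU stat format string).
    set -- $(stat -c '%a %u' "$list_file")
    [ "$1" = 600 ] || { echo "FAIL: mode is $1, expected 600"; rc=1; }
    [ "$2" = "$want_uid" ] || { echo "FAIL: owner uid is $2, expected $want_uid"; rc=1; }

    # With sense=allow an empty list refuses every user, root included.
    [ -s "$list_file" ] || { echo "FAIL: $list_file is empty"; rc=1; }
    return $rc
}
```

Run it as root with /etc/pam.d/sshd as the argument after making the changes, and keep an existing root session open until a fresh login has been confirmed.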