## Prevent local login while allowing ssh login for a user
- Assumptions:
  - Running Ubuntu 12.04/14.04
  - Affected user is `foouser`
- Edit `/etc/pam.d/login` and `/etc/pam.d/sshd`
  - Uncomment/add the following line: `account required pam_access.so`
- Updating PAM configuration requires a reboot. Reboot now or after next step.
- Edit `/etc/security/access.conf`, adding the following line: `- :foouser :LOCAL`
- Test - try logging in as `foouser` on local console/tty, then using ssh.
  - Local login should be denied (nothing really happens, you'll keep getting the login prompt)
  - SSH access should work (using keys or password, doesn't matter).
- Watch the rule order if you add more rules; it's important.
- No reboot is needed after adding new rules.
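
Why rule order matters, as an added example (not part of the original notes): pam_access scans `access.conf` top to bottom and the first matching entry decides, so an allow rule placed above the `foouser` deny rule shadows it. The sketch below is a simplified model under stated assumptions: it handles only plain user names, `ALL`, `LOCAL` and literal origins, and the function names `parse_rules` and `is_allowed` are hypothetical.

```python
# Simplified model of how pam_access evaluates /etc/security/access.conf.
# Assumption: only plain user names, ALL, LOCAL and literal origins are
# handled (no groups, netgroups, networks or EXCEPT clauses).

def parse_rules(text):
    """Return (permission, users, origins) tuples from access.conf text."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Fields are permission:users:origins; spaces around them are allowed.
        perm, users, origins = (field.strip() for field in line.split(":", 2))
        if perm not in ("+", "-"):
            raise ValueError("bad permission field: %r" % raw)
        rules.append((perm, users.split(), origins.split()))
    return rules


def is_allowed(rules, user, tty=None, rhost=None):
    """First matching rule decides; no matching rule means access is granted."""
    origin = rhost or tty
    for perm, users, origins in rules:
        user_ok = "ALL" in users or user in users
        origin_ok = (
            "ALL" in origins
            or ("LOCAL" in origins and not rhost)  # LOCAL: no remote host set
            or origin in origins
        )
        if user_ok and origin_ok:
            return perm == "+"
    return True


# Constructed sample configurations (foouser is the user from the notes above).
GOOD = "- :foouser :LOCAL\n+ : ALL : ALL\n"
BAD = "+ : ALL : ALL\n- :foouser :LOCAL\n"  # allow-all shadows the deny rule

if __name__ == "__main__":
    for name, conf in (("GOOD", GOOD), ("BAD", BAD)):
        rules = parse_rules(conf)
        print(name,
              "console:", is_allowed(rules, "foouser", tty="tty1"),
              "ssh:", is_allowed(rules, "foouser", tty="ssh", rhost="192.0.2.10"))
```

With the `GOOD` ordering the console login is refused and the ssh login is accepted; with `BAD` both are accepted because the deny rule is never reached.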