Skip to content

Instantly share code, notes, and snippets.

@jozko

jozko/pam_and_access_conf.md

Last active May 13, 2016 14:17
Show Gist options
  • Save jozko/e5ba25a9e925066b554478f58ae1ca1a to your computer and use it in GitHub Desktop.
Save jozko/e5ba25a9e925066b554478f58ae1ca1a to your computer and use it in GitHub Desktop.
Download ZIP
Prevent local login while allowing ssh login for a user
Raw
pam_and_access_conf.md

##Prevent local login while allowing ssh login for a user

  • Assumptions:

    • Running Ubuntu 12.04/14.04
    • Affected user is foouser

  • Edit /etc/pam.d/login and /etc/pam.d/sshd - uncomment/add following line

account  required     pam_access.so
  • Updating PAM configuration requires a reboot. Reboot now or after next step.
  • Edit /etc/security/access.conf with adding floowing line
- :foouser :LOCAL
  • Test - try logging in as foouser on local console/tty, then using ssh.
    • Local login should be denied (nothing really happens, you'll keep geeting login prompt)
    • SSH access should work (using keys or password, doesn't matter).
    • Watch rules order if you add more rules, it's important.
    • No reboot is needed after adding new rules.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment