View the full version: NO ssh login for local user from passwd



Stewa
27-03-2010, 21:43
Hi guys,

After configuring vsftpd, I need to disallow ssh login (port 22) for all users in /etc/passwd except the root user.

Is there any command to do that, or is the easier way to erase some character in /etc/passwd?

thx!

DrChair
30-03-2010, 23:55
replace the shell of the users in /etc/passwd with /sbin/nologin

example:


root:---------------:0:0:root:/usr/local/root:/bin/sh
nobody:x:99:99:nobody:/:/sbin/nologin
ftp:----------------:501:501:Linux User,,,:/home/ftp:/sbin/nologin

Stewa
08-04-2010, 08:54
> replace the shell of the users in /etc/passwd with /sbin/nologin
>
> example:
>
> root:---------------:0:0:root:/usr/local/root:/bin/sh
> nobody:x:99:99:nobody:/:/sbin/nologin
> ftp:----------------:501:501:Linux User,,,:/home/ftp:/sbin/nologin


Thanks for the reply, but this is not exactly what I want, because now users cannot log in over ftp :-(
What I want is to forbid only SSH login.

al37919
08-04-2010, 13:43
Here is an example for a similar purpose which I could quickly find:
http://subversion.apache.org/faq.html#ssh-authorized-keys-trick
However, you have to install openssh. dropbear doesn't allow this trick.

DrChair
12-04-2010, 21:59
> Thanks for the reply, but this is not exactly what I want, because now users cannot log in over ftp :-(
> What I want is to forbid only SSH login.

Strange...
I copied the sample out of my own passwd file (I only changed the password hash into -------). But I can use the user ftp for ftp, but not for ssh.

I'm using ProFTPD, and apparently that doesn't check if the user shell exists,
because when I checked it on my router, I found that /sbin/nologin is missing.

I guess your FTP server (vsftpd?), however, does check it.

You can try it with /bin/false as the user shell; that one does exist and serves the same purpose.
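
An added example, not part of any post in this thread: a POSIX shell function that lists every non-root account in a passwd file with its shell and flags a no-login shell whose binary is missing on disk, the situation described in the last post. The function name, the verdict labels, the optional root-directory prefix and the sample accounts are assumptions made for this example.

```shell
#!/bin/sh
# audit_shells PASSWD_FILE [ROOT_DIR]   (hypothetical helper, not from the thread)
# Prints "name shell verdict" for every account except root:
#   nologin-ok       no-login shell (nologin/false) that exists and is executable
#   nologin-missing  no-login shell named in passwd but absent on disk
#   interactive      any other shell; the shell field does not block an ssh login
audit_shells() {
    passwd_file=$1
    root_dir=${2:-}   # optional prefix, e.g. an unpacked router root filesystem
    # The "|| [ -n ... ]" part also handles a last line without a newline.
    while IFS=: read -r name _pw _uid _gid _gecos _home shell || [ -n "$name" ]; do
        if [ -z "$name" ] || [ "$name" = root ]; then continue; fi
        case $name in \#*) continue ;; esac   # skip commented-out entries
        case $shell in
            */nologin|*/false)
                if [ -x "$root_dir$shell" ]; then
                    verdict=nologin-ok
                else
                    verdict=nologin-missing
                fi ;;
            *) verdict=interactive ;;
        esac
        printf '%s %s %s\n' "$name" "${shell:-(empty)}" "$verdict"
    done < "$passwd_file"
}

# Constructed sample: a scratch tree where /bin/false exists and /sbin/nologin
# does not, plus a passwd file modelled on the thread's example with
# constructed accounts and placeholder password fields.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/bin"
    : > "$tmp/bin/false"
    chmod +x "$tmp/bin/false"
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/usr/local/root:/bin/sh
nobody:x:99:99:nobody:/:/sbin/nologin
ftp:x:501:501:Linux User,,,:/home/ftp:/bin/false
stewa:x:502:502::/home/stewa:/bin/sh
EOF
    audit_shells "$tmp/passwd" "$tmp"
    rm -rf "$tmp"
}

demo
```

On a live system, call `audit_shells /etc/passwd` with no second argument. Whether an FTP server still accepts an account with such a shell depends on the server, as the posts above show.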