1 |
Un poco guarrada si que es... |
2 |
Yo esto lo hacia poniendoles como shell en el fichero /etc/passwd |
3 |
/bin/nologin en OpenBSD. Habrá algo parecido en Linux... |
4 |
Para realizar operaciones con SSH tenía que pasar una opción a la linea |
5 |
de comandos para que no intentara abrir shell. |
6 |
Si necesitáis más concreción preguntad... |
7 |
|
8 |
Alberto Garcia Hierro wrote: |
9 |
|
10 |
>-----BEGIN PGP SIGNED MESSAGE----- |
11 |
>Hash: SHA1 |
12 |
> |
13 |
> |
14 |
> |
15 |
> Es una guarrada, pero quizas funcione. Has probado a meterles un logout en el |
16 |
>~/.bashrc? |
17 |
> |
18 |
> |
19 |
>El Domingo 18 Abril 2004 22:07, d2clon@×××××××××××××××.org escribió: |
20 |
> |
21 |
> |
22 |
>>gracias krs: |
23 |
>> |
24 |
>>pero creo que debo pemitir el acceso via ssh a estos usuarios.. o si no no |
25 |
>>podrán descargarse el cvs.. |
26 |
>> |
27 |
>>he probado lo que me dices.. y, en efecto, no se les permite el acceso ssh |
28 |
>>a los usuarios que defina en DenyUsers ... pero a la vez tambien se les |
29 |
>>impide el acceso al cvs.. por que el cvs usa conexion ssh :( |
30 |
>> |
31 |
>>estoy llegando a la conclusión que el acceso ssh y el acceso a consola son |
32 |
>>imprescindibles para uso del cvs.. lo cual es una putada |
33 |
>> |
34 |
>>por que si doy de alta un usuario en el cvs.. indibidiblemente tiene acceso |
35 |
>>a la consola.. joer joer |
36 |
>> |
37 |
>>gracias por lo de DenyUser de todos modos.. mola.. me servirá para otras |
38 |
>>cosass |
39 |
>> |
40 |
>>saludos |
41 |
>>d2clon |
42 |
>> |
43 |
>>On Sunday 18 April 2004 19:59, krs wrote: |
44 |
>> |
45 |
>> |
46 |
>>>-----BEGIN PGP SIGNED MESSAGE----- |
47 |
>>>Hash: SHA1 |
48 |
>>> |
49 |
>>>Prueba con añadir a tu fichero /etc/ssh/sshd_config una linea que ponga |
50 |
>>>DenyUsers y la lista de usuarios que no quieres que accedan por ssh |
51 |
>>>separados por espacios, supongo que eso servirá. |
52 |
>>> |
53 |
>>>- - |
54 |
>>> DenyUsers |
55 |
>>> This keyword can be followed by a list of user name |
56 |
>>>patterns, separated by spaces. Login is disallowed for user names that |
57 |
>>>match one of the patterns. `*' and `?' can be used as wildcards in the |
58 |
>>>patterns. Only user names are valid; a numerical user ID is not |
59 |
>>>recognized. By default, login is allowed for all users. If the pattern |
60 |
>>>takes the form USER@HOST then USER and HOST are separately checked, |
61 |
>>>restricting logins to particular users from particular hosts. |
62 |
>>>- - |
63 |
>>>Sacado de man sshd_config :) |
64 |
>>> |
65 |
>>>Saludos |
66 |
>>> |
67 |
>>>El Sábado, 17 de Abril de 2004 19:29, d2clon@×××××××××××××××.org escribió: |
68 |
>>> |
69 |
>>> |
70 |
>>>>nada gente.. |
71 |
>>>>he hecho lo que me comentais |
72 |
>>>>le he definido como shell -> /bin/false |
73 |
>>>>y he creado la entrada en /etc/shells |
74 |
>>>> |
75 |
>>>>y en efecto no consigue acceder a la shell |
76 |
>>>>=======================================0 |
77 |
>>>>trucha@biit tmp $ ssh -lotoanonimo susana |
78 |
>>>>otoanonimo@susana's password: |
79 |
>>>>Last login: Mon Jan 17 17:48:34 2005 from 10.0.0.5 |
80 |
>>>>Connection to susana closed. |
81 |
>>>>=======================================0 |
82 |
>>>> |
83 |
>>>>pero .. : |
84 |
>>>>=======================================0 |
85 |
>>>>trucha@biit tmp $ export CVSROOT="otoanonimo@susana:/home/cvs/rep" |
86 |
>>>>trucha@biit tmp $ cvs co oto |
87 |
>>>>otoanonimo@susana's password: |
88 |
>>>>cvs [checkout aborted]: end of file from server (consult above messages |
89 |
>>>>if any) |
90 |
>>>>=======================================0 |
91 |
>>>> |
92 |
>>>>ya veis.. no consigue conectarse para checkout el módulo |
93 |
>>>>pone que consulte noseque mensajes.. pero no se a que log se refiere |
94 |
>>>>me he fijado que en el servidor no hay ningun log del cvs :/ |
95 |
>>>> |
96 |
>>>>d2clon |
97 |
>>>> |
98 |
>>>>On Saturday 17 April 2004 17:33, Alberto Garcia Hierro wrote: |
99 |
>>>> |
100 |
>>>> |
101 |
>>>>>-----BEGIN PGP SIGNED MESSAGE----- |
102 |
>>>>>Hash: SHA1 |
103 |
>>>>> |
104 |
>>>>>El Sábado 17 Abril 2004 16:39, Alberto F. Capel escribió: |
105 |
>>>>> |
106 |
>>>>> |
107 |
>>>>>>podrías ponerles de shell /bin/false en /etc/passwd. |
108 |
>>>>>> |
109 |
>>>>>>Espero que funcione. |
110 |
>>>>>> |
111 |
>>>>>> |
112 |
>>>>> y añadir /bin/false en /etc/shells |
113 |
>>>>> |
114 |
>>>>>- -- |
115 |
>>>>>/* Alberto García Hierro (Skyhusker) */ |
116 |
>>>>>-----BEGIN PGP SIGNATURE----- |
117 |
>>>>>Version: GnuPG v1.2.4 (GNU/Linux) |
118 |
>>>>> |
119 |
>>>>>iD8DBQFAgU5S4O6JklHkL2cRAi0hAJ9gspJkwPBN/lGFul2ocUb+cneMRwCgigSf |
120 |
>>>>>2NOWruxPNuIHbcf7YKBjZd4= |
121 |
>>>>>=XrG4 |
122 |
>>>>>-----END PGP SIGNATURE----- |
123 |
>>>>> |
124 |
>>>>> |
125 |
>>>>-- |
126 |
>>>>gentoo-user-es@g.o mailing list |
127 |
>>>> |
128 |
>>>> |
129 |
>>>- -- |
130 |
>>>#################################### |
131 |
>>># http://logicmind.org # |
132 |
>>># Usuario Linux registrado #303351 # |
133 |
>>># Clave publica PGP disponible en: # |
134 |
>>># http://krs.logicmind.org/krs.asc # |
135 |
>>>#################################### |
136 |
>>>-----BEGIN PGP SIGNATURE----- |
137 |
>>>Version: GnuPG v1.2.4 (GNU/Linux) |
138 |
>>> |
139 |
>>>iD8DBQFAgsHukXEYdwsx9VURAhFJAJ9rMT46vZcMoEb+Li0RsicBMzIIFACeP0VD |
140 |
>>>uqr6LrmnVf1jhnpmBn0w/6Y= |
141 |
>>>=X3Oe |
142 |
>>>-----END PGP SIGNATURE----- |
143 |
>>> |
144 |
>>> |
145 |
>>-- |
146 |
>>gentoo-user-es@g.o mailing list |
147 |
>> |
148 |
>> |
149 |
> |
150 |
>- -- |
151 |
>/* Alberto García Hierro (Skyhusker) */ |
152 |
>-----BEGIN PGP SIGNATURE----- |
153 |
>Version: GnuPG v1.2.4 (GNU/Linux) |
154 |
> |
155 |
>iD8DBQFAguPr4O6JklHkL2cRAhnGAJ49/F6L+jdrgeTGyDulQdySd3mxkwCfedXi |
156 |
>43r7CVFTxMyJV+I2jQ+ThnU= |
157 |
>=/jdm |
158 |
>-----END PGP SIGNATURE----- |
159 |
> |
160 |
>-- |
161 |
>gentoo-user-es@g.o mailing list |
162 |
> |
163 |
> |
164 |
> |
165 |
> |
166 |
> |
167 |
|
168 |
|
169 |
-- |
170 |
gentoo-user-es@g.o mailing list |