1 |
>> Should I do that via an ssh config setting, in shorewall, or somewhere else? |
2 |
> |
3 |
> I believe the right way would be to add 'account required |
4 |
> pam_access.so' line to /etc/pam.d/system-auth and define login |
5 |
> restrictions in /etc/securety/access.conf (it's also quite well |
6 |
> documented). |
7 |
> |
8 |
> That way you'll block ssh/ftp/mail etc logins for that account, which |
9 |
> should also be prone to brutforce attacks because of weak password. |
10 |
> |
11 |
> The catch is, of course, that you should have pam on your system ;) |
12 |
> |
13 |
> -- |
14 |
> Mike Kazantsev // fraggod.net |
15 |
|
16 |
Can anyone tell me how to find out which users on a system have a |
17 |
login shell (e.g. not /bin/nologin)? |
18 |
|
19 |
- Grant |