Block users from logging into SSH

Based on custom logic

In /etc/pam.d/sshd, add

session required pam_exec.so stdout /mylogic

/mylogic is executed with the environment variable $PAM_USER set to the user who is trying to log in. You can run any custom logic against that user.

/mylogic can write to stdout, which will be displayed for the end user.
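One possible /mylogic, added here as an example and not taken from the original post: it blocks users listed in a deny file by exiting non-zero, which makes the required pam_exec line fail. The deny-file path /etc/ssh/mylogic.deny and the function name mylogic_check are assumptions made for illustration.

```shell
#!/bin/sh
# /mylogic: run by pam_exec; the exit status decides whether the session opens.
# DENY_FILE is a hypothetical path: one user name per line.
DENY_FILE="${DENY_FILE:-/etc/ssh/mylogic.deny}"

mylogic_check() {
    user="${PAM_USER:-}"
    # Fail closed: without a user name there is nothing to evaluate.
    if [ -z "$user" ]; then
        echo "Login denied: PAM_USER is not set."
        return 1
    fi
    # Gate only session opening; close_session must succeed so logout stays clean.
    [ "${PAM_TYPE:-open_session}" = "open_session" ] || return 0
    # Design choice: a missing deny file blocks nobody (avoids locking everyone out).
    [ -r "$DENY_FILE" ] || return 0
    # -x whole-line match, -F literal string (no regex), -- guards names starting with '-'.
    if grep -qxF -- "$user" "$DENY_FILE"; then
        # stdout reaches the user because of the "stdout" option on the pam_exec line.
        echo "Login denied: account $user is blocked on this host."
        return 1
    fi
    return 0
}

# pam_exec exports PAM_TYPE, so the check runs only when PAM invokes the script.
if [ -n "${PAM_TYPE:-}" ]; then
    mylogic_check
    exit $?
fi
```

The whole-line literal match means a blocked name such as mallory does not also block mal or mallory2.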

Based on user name or group name

The custom-logic approach above can certainly do this, because you know the user from $PAM_USER. A simpler way is to use AllowGroups or AllowUsers in /etc/ssh/sshd_config. You can also place files in /etc/ssh/sshd_config.d.

Block all users except root(?)

Create the file /etc/nologin. While the file exists, no users can log in. The content of the file is shown to the user as the reason.

Only root can log in.
