On Sat, 2002-11-09 at 23:49, Werner Puschitz wrote:
>
> Here is what you could do. Set PermitRootLogin to yes and use the
> pam_access.so module to restrict direct root access to the server.
> Add the following pam_access line to /etc/pamd.d/sshd:
> account required /lib/security/pam_access.so
>
> The /etc/pam.d/ssh should look like:
> auth required /lib/security/pam_stack.so service=system-auth
> auth required /lib/security/pam_nologin.so
> account required /lib/security/pam_access.so
> account required /lib/security/pam_stack.so service=system-auth
> ...
>
> Add the following line to /etc/security/access.conf:
> -:root :ALL EXCEPT adminserver
>
> With this method, everyone should still be able to ssh from any server.
> And you should be able to do direct root logins only from "adminserver".
>
> Make sure you test it thoroughly since I didn't test it.
>

Very elegant. I will try this.

Thanks,
Bret
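
The access.conf rule quoted above, run through a simplified model of pam_access's rule evaluation (first matching rule decides, no match grants access). This is an added example, not code from the thread or from pam_access itself; the function names are hypothetical, the host "otherhost" and user "bret" are constructed test values, and only ALL, literal names and EXCEPT are modelled.

```python
# Simplified model of how pam_access evaluates /etc/security/access.conf.
# Covers only ALL, literal names and EXCEPT; the real module also handles
# groups, netgroups, LOCAL, domain suffixes and network addresses.

ACCESS_CONF = """\
# constructed sample: the single rule from the message above
-:root :ALL EXCEPT adminserver
"""

def parse_rules(text):
    """Return a list of (permission, user_tokens, origin_tokens)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Format is permission:users:origins; split only on the first two
        # colons so an origin containing ':' stays intact.
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        if perm not in ("+", "-"):
            raise ValueError(f"bad permission field: {perm!r}")
        rules.append((perm, users.split(), origins.split()))
    return rules

def list_match(tokens, value):
    """Match value against a token list, honouring 'A EXCEPT B'."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        # Matches the left side and does NOT match the right side.
        return list_match(tokens[:i], value) and not list_match(tokens[i + 1:], value)
    # Case-insensitive comparison is a modelling assumption of this example.
    return any(t == "ALL" or t.lower() == value.lower() for t in tokens)

def is_allowed(rules, user, origin):
    """First matching rule decides; if nothing matches, access is granted."""
    for perm, users, origins in rules:
        if list_match(users, user) and list_match(origins, origin):
            return perm == "+"
    return True

if __name__ == "__main__":
    rules = parse_rules(ACCESS_CONF)
    for user, origin in [("root", "adminserver"), ("root", "otherhost"), ("bret", "otherhost")]:
        print(user, origin, "allow" if is_allowed(rules, user, origin) else "deny")
```

The model takes the origin as a plain string; on a live system the value compared is whatever remote host name or address the SSH daemon hands to PAM, so the rule should be tested with the name form the server actually sees.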