I'm using CentOS, so I think PAM is installed by default. If not, yum install pam should do.
Limiting SSH users, since I have hundreds of users on this box.
>You should be able to edit /etc/pam.d/sshd (meaning, you should be root here). Below is the original file.
#%PAM-1.0
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session required pam_loginuid.so
Then just append the line below to that file.
#%PAM-1.0
auth required pam_listfile.so item=user sense=allow file=/etc/listfile/sshusers onerr=fail
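Note: /etc/listfile/sshusers is the file that contains the list of users allowed to access the SSH service on the host machine, one username per line. Because of onerr=fail, every SSH login is denied if this file is missing or cannot be read, so create it before adding the line above.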
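A pre-flight check for the list file, to run before editing the PAM file so a bad list does not lock everyone out. This is an added example, not part of the original notes; the function names are hypothetical, and the demo uses a constructed list in a temporary directory rather than the real /etc/listfile/sshusers.

```shell
#!/bin/sh
# Added example; check_listfile and user_allowed are hypothetical helpers.

# Succeed only if pam_listfile could use the file. With onerr=fail a missing
# file denies everyone; the module also refuses files that are not regular
# files or that are world-writable.
check_listfile() {
    f=$1
    [ -f "$f" ] || { echo "missing or not a regular file: $f" >&2; return 1; }
    # find prints the path only when the "other" write bit is set.
    if [ -n "$(find "$f" -prune -perm -0002 2>/dev/null)" ]; then
        echo "world-writable: $f" >&2; return 1
    fi
    [ -s "$f" ] || { echo "empty list, nobody can log in: $f" >&2; return 1; }
    return 0
}

# Succeed if the user is listed. The name must be the whole line
# (item=user, sense=allow), so "ali" does not match "alice" and a
# trailing space on a line prevents a match.
user_allowed() {
    grep -Fxq -- "$1" "$2"
}

# Demo on a constructed list (sample users, not from the original page).
tmp=$(mktemp -d)
printf 'alice\nbob\n' > "$tmp/sshusers"
chmod 600 "$tmp/sshusers"
check_listfile "$tmp/sshusers" && echo "list file OK"
for u in alice mallory; do
    if user_allowed "$u" "$tmp/sshusers"; then
        echo "$u: allowed"
    else
        echo "$u: denied"
    fi
done
rm -rf "$tmp"
```

Keep an existing root session open while testing the change, and confirm a listed user can still log in before closing it.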
If you can't avoid using the telnet service, then append the entry below:
auth required pam_listfile.so item=user sense=allow file=/etc/listfile/loginusers onerr=fail
to the /etc/pam.d/remote file, whose original contents are below:
auth required pam_securetty.so
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_stack.so service=system-auth
session required pam_loginuid.so
session optional pam_console.so
# pam_selinux.so open should be the last session rule
session required pam_selinux.so open
And as usual, the users listed in the file
/etc/listfile/loginusers
are the ones allowed.
The same goes for other services: it's almost the same entry that you should add, just in a different file for each service.
Just to remember when doing it again....