Jul 4, 2011

Prevent User SSH Login

When you want to share your Linux user account to allow other user to access your computer for specific tasks.
For example, login your FTP (Ignore the anonymous login)
You will provide the user account name and password for other user.
However, on that time your system will be in danger if the user wants to access to your computer with other daemon, such as SSH.

Sharing account for public user to access into your FTP Server

Somehow, public user can access to your system by using other daemon, such as SSH.
Public user can destroy your data

So, how to prevent that situation ?
Shutdown your SSHD is one of method, but if you need to remote control to your computer.
This is not a good idea.

Before you launch the daemon or user account.
You should limit the user account permissions.

sudo gedit /etc/passwd
(use any text editor to open /etc/passwd with root permission)

Search your target user accounts to modify the user account which you would like to limit its permissions.

modify /bin/bash to /sbin/nologin

And now try to access the computer with SSH.
However, you should no longer to access the specific accounts.


Post a Comment

Twitter Delicious Facebook Digg Google Favorites More

Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | Best Hostgator Coupon Code