0

Is there a mechanism to let me limit SSH and telnet logins to the root account based on IP address? I have 3 nets used for different things locally, all in the 192.168.x ranges. I need to log in from those and be banned from anywhere else. I know having root active is frowned on... but like a bad admin I live in my root account.

A.Adverse

1 Answer

0

Partial answer after looking at the related question: for SSH logins, sshd_config has the PermitRootLogin option (yes/no).

Create /etc/pam.d/telnet with the contents:

auth    required        pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed

# Note: vsftpd handles anonymous logins on its own. Do not enable pam_ftp.so.  

# Standard pam includes
@include common-account
@include common-session
@include common-auth
auth    required        pam_securetty.so

My example uses the same deny list as my ftpd.

A.Adverse
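
For the SSH half of the question, PermitRootLogin can be scoped by source address with a Match block. The fragment below is an added example, not part of the original answer; it covers SSH only, and the three /24 networks are constructed placeholders for the asker's 192.168.x nets.

```conf
# /etc/ssh/sshd_config (fragment, added example)

# Weak: a single global setting lets root log in from any source address.
#PermitRootLogin yes

# Corrected: refuse root logins by default ...
PermitRootLogin no

# ... then re-enable them only for connections from the local networks.
# The subnets below are constructed placeholders; substitute the real ones.
# Match blocks must come after all global settings: keywords under a Match
# line apply until the next Match line or the end of the file.
Match Address 192.168.1.0/24,192.168.2.0/24,192.168.3.0/24
    PermitRootLogin yes
```

Check the file with `sshd -t` before reloading the daemon, and keep an existing session open until a new root login from an allowed network succeeds.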