Date: Thu, 14 Aug 2003 15:44:43 +0200
From: "Email-Lists SureStorm.com" <[email protected]>
Subject: SSH daemon enhacements......

Hi all group,

i have made some changes in my sshd daemon because i'd want disable ssh 
access for all my trustix users except for the two admin accounts.

Googling a bit and searching into my own information i have done 2 
changes to make this posible:

   1. i have added a line in the PAM sshd file to force pam to first of
      all validate user account agains a file where allowed accounts to
      log in are lists
   2. i have created a file in /etc/ssh directory as complementary step
      of above.

The changes are these:

/etc/pam.d/sshd
(put this on top of the rest of lines in file)

auth       required     /lib/security/pam_listfile.so item=user sense=allow file=/etc/ssh/pam.sshd onerr=fail

------------------------------------------------------------------------

/etc/ssh/pam.sshd
(this file do not exist. Create it!)

# List of users that may log in via ssh daemon
root
administrator1
administrator2

------------------------------------------------------------------------

That's all. I have thought that may be interesant for the rest of the 
community.

My best regards to all,

Jonathan Gonzalez