-1

A SSH server I admin is to be allowed login from a group of users all days of week except sunday.

How would be your elegant solution to this? Thanks any input on comments or creative +and+ secure answers.

It should also kick out logged users. And take care of any means of login, such as passwords or ssh-keys.

(Edited as suggested)

DrBeco
  • 109
  • 5
  • It is a good indication of a solution. But what if the person is already logged in? We better let this question open for more options, if you don't mind. – DrBeco Feb 13 '21 at 00:05
  • Hey, thanks. As a new contributor, my first question got a -1 without explanation, that is reassuring. I hope the edit I made compensate for the -1, anonymous critic. – DrBeco Feb 13 '21 at 00:09
  • I wasn't one who voted -1, although anyone can do that for any reason, don't get too offended. You could show that you did some research and tried something first, which is part of asking a good question: https://serverfault.com/help/how-to-ask For example: "I suppose I could usermod in cron but that seems fragile. Is limiting login a ssh thing or a Linux PAM thing?" – John Mahowald Feb 13 '21 at 04:32

1 Answers1

1

Combining pam_time from the question I mentioned with a cron job that runs periodically on sundays should accomplish what you want.

The cron job enumerates logged in users with a terminal (with who) and with an uid >= 1000 and calls pkill -HUP -u <user>. Might be a little more complicated with X sessions.

This approach is problematic though - we have no idea about the environment in which you are planning to use this. Users might (understandably) not take kindly to having their work terminated without a chance to save, or might plan to have a job running for a long time that needs a terminal.

fuero
  • 9,413
  • 1
  • 35
  • 40
  • Thanks. That will do it. Just to clarify: pam_time prevents login with both passwords and ssh-keys, right? Regarding the kick part, I'm writing a script that will give a warning message and some time to the user log out by himself. – DrBeco Feb 14 '21 at 16:31