4

I have a machine where only some users should be allowed to login and execute commands over ssh, rest all users can ssh and run commands but should not login i.e no tty for other users.

Can someone help me with this.

piro
  • 41
  • 2

2 Answers2

8

You should set up key-based authentication for your users on the ssh server.

Once you have key-based authentication configured, it's easy to set up the user's authorized_keys file to deny the user a tty using hte "no-pty" option for the key. Look at the man page for sshd and go to the AUTHORIZED_KEYS FILE FORMAT section for the available options: http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8

cjc
  • 24,533
  • 2
  • 49
  • 69
5

Use SSH keys and specify the command= parameter in the authorized_keys file of users who should only run some commands.

In this command= parameter, pass a script which will check for the commands users can run.

raphink
  • 11,337
  • 6
  • 36
  • 47