Is it possible to limit SSH access for certain users based on schedule?

1

As the title says, I'm looking for a way to limit SSH access to certain users, so that they can connect only during a certain time period.

Let's say, username "A" can access SSH only during office hours, username "B" can access SSH only after office hours, etc.

pepoluan

Posted 2014-02-03T08:22:24.053

Reputation: 962

Not sure, but changing their login shell to a custom script might work. It will either exec sh at the end, or if it is the wrong time, exec false. – Bobby – 2014-02-03T08:28:47.950

@Bobby hmm... I suspected such... still hoping for a less 'hackish' method though... but thanks for reminding. – pepoluan – 2014-02-03T08:50:34.133

In that case you might want to look into this. – Bobby – 2014-02-03T09:36:58.247

@Bobby - That link seems simple and good. But unfortunately that method is not working for me. – Unnikrishnan – 2014-02-03T10:19:35.067

A reasonable question, before suggesting an answer, is: what do you wish to do with those users who logged in before the curfew, but who are still there after curfew begins? – MariusMatutiae – 2014-02-03T11:07:07.283

@MariusMatutiae well, I wish I could maintain their connection, but if it is too complex to do so, an abrupt abort is acceptable. – pepoluan – 2014-02-03T12:07:55.520

@Bobby ahhh, thanks! That looks like what I need... I'll study more on pam conf's. – pepoluan – 2014-02-03T12:08:59.053

Answers

0

Yes, it is possible.

I believe those users are in your local network and have static IP addresses. If yes, then we can create a cron job to change the /etc/hosts.deny file at regular intervals. For example:

The /etc/hosts.deny file will be blank during the allowed hours, and it must change to the following during the restricted hours:

sshd: ALL EXCEPT <specify ips of users here>

I hope you understood my point.

Unnikrishnan

Posted 2014-02-03T08:22:24.053

Reputation: 1 193

Point understood, sir. Unfortunately, the IP addresses of the users are DHCP based, so I think this solution is not suitable for me... – pepoluan – 2014-02-03T12:09:38.150
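
The login-shell approach suggested in the first comment on the question, sketched as an added example that is not part of the original thread. The user names "A" and "B" come from the question; the office hours (Mon-Fri 09:00-16:59), the real shell `/bin/sh` and the install name `timegate-shell` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: a time-gated login shell wrapper (not from the thread).
# Assumed for illustration: users "A" and "B", office hours Mon-Fri
# 09:00-16:59, real shell /bin/sh, install name "timegate-shell".

# in_office_hours DOW HOUR
# DOW is 1..7 (Mon..Sun, `date +%u`); HOUR is 00..23 (`date +%H`).
in_office_hours() {
    [ "$1" -le 5 ] && [ "$2" -ge 9 ] && [ "$2" -lt 17 ]
}

# ssh_allowed USER DOW HOUR -> status 0 if USER may start a session then.
ssh_allowed() {
    case $1 in
        A) in_office_hours "$2" "$3" ;;      # office hours only
        B) ! in_office_hours "$2" "$3" ;;    # outside office hours only
        *) return 0 ;;                       # no schedule: not restricted
    esac
}

# gate_login ARGS...: run the real shell or refuse the session.
gate_login() {
    if ssh_allowed "$(id -un)" "$(date +%u)" "$(date +%H)"; then
        [ $# -eq 0 ] && set -- -l   # interactive login: start a login shell
        exec /bin/sh "$@"           # otherwise pass through "-c command"
    fi
    echo "Login is not permitted at this time." >&2
    exit 1
}

# Act as a gate only when run under the assumed install name.
case ${0##*/} in
    timegate-shell) gate_login "$@" ;;
esac
```

The check runs only when a session starts, so a user who is already logged in stays connected after their window ends. It applies only to sessions that go through the login shell; a connection that requests no shell or command never reaches it.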