
ssh configuration - restrict ssh users


All times are UTC - 6 hours


 PostPosted: Wed Feb 15, 2006 1:39 pm   
On techimo, there was a question asked.....

Quote:
I wanted to kick someone and disable the account 'cause I want to play games and enable it when I'm done. How would I go about doing that over ssh?


I came up with a solution, albeit not perfect, it should get the job done..... here's what I came up with................. :



I was thinking about this this morning and couldn't get it out of my head. So I decided to see what I could come up with for you.
-----------------

Ok, BEFORE you do ANYTHING else
cp /etc/ssh/sshd_config /etc/ssh/sshd_config-ORIGINAL
cp /etc/ssh/sshd_config /etc/ssh/sshd_config-NORMAL
Now, edit YOUR config file with ANY text editor (as root of course).
I use nano or pico A LOT.

nano /etc/ssh/sshd_config

Look for a line that says AllowUsers and change it to only include YOUR username.... or if it's NOT showing in that config file,
put it at the end of the file.

Example:
AllowUsers crouse

Then with nano OR pico you can save the file with CTRL+O and save it as sshd_config-RESTRICTED. After saving, CTRL+X will get you out of
nano or pico.

So, to review.... we have just

1. copied the existing sshd_config file to sshd_config-ORIGINAL (in case something BAD happens ;) )
2. copied the existing sshd_config file to sshd_config-NORMAL (to use in our script)
3. we have just edited the existing sshd_config file and saved it as a NEW file called sshd_config-RESTRICTED (leaving the original intact with no changes)

So now we have several files....

sshd_config (This is the file that SSH will use)
sshd_config-ORIGINAL (This is a backup of the file that we started with just for peace of mind)
sshd_config-NORMAL (This is the file with the normal settings for the ssh file)
sshd_config-RESTRICTED (This is the file with the restricted settings we have for the ssh file)

Make sure the permissions on the files you create are correct (the same as the original sshd_config file).

IT IS VERY IMPORTANT THAT YOU HAVE BACKED UP YOUR FILES BEFORE RUNNING THIS SCRIPT !!!!!!!!!!
YOU ALSO NEED TO MAKE SURE THAT THE ABOVE FILES HAVE BEEN CREATED !! I am NOT responsible for your stupidity if you forget to backup the files !!!


Now we need a simple bash script to control the ssh settings:
-----------------


Code:
#!/bin/bash
########################################################
#     restrictssh.sh (Restrict SSH users)              #
########################################################
#
#
#
#    FILE: restrictssh.sh
# VERSION: 0.1.0
#    DATE: 02-15-2006
#
# Copyright (C) 2006
# Crouse <usalug.org NOSPAMAT gmail.com>
# All rights reserved.
#
########################################################

#########################################################################
#  This software is licensed under the GPL - GNU General Public License #
#########################################################################
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc.
# 59 Temple Place, Suite 330
# Boston, MA  02111-1307  USA
#
###################################################################


restrictedmode ()
{
echo "Putting ssh into RESTRICTED mode"; sleep 1;
cp -v /etc/ssh/sshd_config-RESTRICTED /etc/ssh/sshd_config ;
killall -1 sshd ;
echo "SSH is now in restricted mode" ;
exit
}

normalmode ()
{
echo "Putting ssh into NORMAL mode"; sleep 1;
cp -v /etc/ssh/sshd_config-NORMAL /etc/ssh/sshd_config ;
killall -1 sshd ;
echo "SSH is now in normal mode" ;
exit
}

mainmenu ()
{
clear; echo "SSH CHANGE RESTRICTIONS SCRIPT";echo ""; menu="\t1) \tRestrict SSH access\n\t2)\tEnable SSH access\n\t0)\tExit";
echo -e "$menu";echo "";
while true; do
   # Prompt inside the loop so an invalid choice asks again instead of
   # repeating the error forever; give up if input is closed (EOF).
   read -p "Please choose one of the options above : " option || exit 1
   case $option in
      1)   restrictedmode
         ;;
      2)   normalmode
         ;;
      0)   option="";
         exit;
         ;;
      *)   echo "That choice was invalid!!";
         ;;
   esac
done
}

mainmenu
exit





-----------------

You should TEST this script .... (I haven't yet... but it should work fine). Let me know of any errors and I will try to fix them for you.
There are many ways you could write this script, this is just one of them. Feel free to improve upon it, and repost the code here so everyone
else can benefit from it as well.

Hope that helps,

Crouse
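
An added example, not part of the post or of restrictssh.sh above: the same profile swap between sshd_config-NORMAL and sshd_config-RESTRICTED, with the candidate file checked by `sshd -t` before it becomes the live config, so a typo cannot lock out every login on reload. The function name `switch_mode`, the three variables and their default paths are assumptions for illustration.

```shell
#!/bin/bash
# Added example, not part of the original restrictssh.sh.
# Assumed defaults; override via environment to match your system.
SSHD_DIR="${SSHD_DIR:-/etc/ssh}"
SSHD_BIN="${SSHD_BIN:-/usr/sbin/sshd}"
PIDFILE="${PIDFILE:-/var/run/sshd.pid}"

# switch_mode NORMAL|RESTRICTED
# Installs sshd_config-<mode> as the live config only if it passes checks.
switch_mode() {
    local mode="$1" src live tmp
    case "$mode" in
        NORMAL|RESTRICTED) ;;
        *) echo "usage: switch_mode NORMAL|RESTRICTED" >&2; return 2 ;;
    esac
    src="$SSHD_DIR/sshd_config-$mode"
    live="$SSHD_DIR/sshd_config"
    [ -r "$src" ] || { echo "missing profile: $src" >&2; return 1; }

    # A RESTRICTED profile without an AllowUsers entry restricts nobody.
    if [ "$mode" = RESTRICTED ] &&
       ! grep -Eiq '^[[:space:]]*AllowUsers[[:space:]]+[^[:space:]]' "$src"; then
        echo "$src has no AllowUsers line" >&2; return 1
    fi

    # sshd -t parses the file and exits non-zero on errors, so a broken
    # profile is refused before it can replace the live config.
    "$SSHD_BIN" -t -f "$src" || { echo "sshd rejected $src" >&2; return 1; }

    # Copy into a temp file in the same directory (mktemp creates it with
    # mode 0600), then rename it over the live file in one step.
    tmp="$(mktemp "$live.XXXXXX")" || return 1
    if ! { cp "$src" "$tmp" && mv -f "$tmp" "$live"; }; then
        rm -f "$tmp"; return 1
    fi

    # Reload only the listening daemon, if its pid file is present.
    if [ -r "$PIDFILE" ]; then
        kill -HUP "$(cat "$PIDFILE")" || return 1
    fi
    echo "sshd_config now matches the $mode profile"
}

# Run directly as: ./switch_mode.sh RESTRICTED
if [ "$#" -gt 0 ]; then switch_mode "$1"; fi
```

A HUP sent only to the listening daemon makes it re-read the config for new logins; sessions that are already connected stay up, because AllowUsers is evaluated at login time.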

