[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[suse-security] Allow ssh access only at certain times



Hi,

I allow ssh access to a number of accounts on one of
my servers from a list of IP addresses, but I don't
really want people to be using this service outside
normal working hours..

I'm restricting access to these accounts thus:

In /etc/pam.d/sshd, add:
  account    required    pam_time.so

In /etc/security/time.conf, add:
  sshd;*;user;Wd0900-1700

All well and good, BUT... I can't log in!
(And yes, it _is_ a weekday between 9am and 5pm....)

Given that the only system change is the addition of
that line, and that in /var/log/messages I see:
  Jan 27 12:07:13 carbon pam_time[4642]: garbled syntax; expected name (rule
#1)
  Jan 27 12:07:13 carbon sshd[4642]: PAM rejected by account
configuration[6]: Permission denied

I'm using SLES 8, and my pam package is version 0.76-109

Does the positioning of the line in pam.d/sshd matter
that much? It's currently the last "account" line, but
it was the first "account" line.

(And no, Mr PromotionFactory, I don't want to be on
your list)

Tom.

---------------
Tom Knight
System Administration Officer
Arts & Humanities Data Service
Web:     http://www.ahds.ac.uk
Email:   tom.knight@xxxxxxxxxx
Tel:     (0)20 7928 7371


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here