|
     |
Restrictions on Secure Shell services, as described for non-privileged users in Restricting Services and Restricting Services, do not prevent users with shell access to the system from setting up the equivalent services.
It is also possible to limit users with administrative privileges to predefined commands if shell access is not needed.
Shell access is often desired for remote administration of the
server computer. It is recommended to have users log in first to their
non-privileged user accounts and once logged in elevate their rights
using sudo or su especially if the
root account is used instead of individual administrator
accounts.
The following configuration setup prevents logging directly in to the privileged accounts:
<authentication-methods>
<authentication action="deny">
<selector>
<user-privileged value="yes" />
</selector>
</authentication>
...
</authentication-methods>
| |
Copyright 
2016 SSH Communications Security Corporation
This software is protected by international copyright laws. All rights reserved.
Contact Information