Before you begin, login to the server using a remote console or at least more then one terminal. I had one co-worker lock himself out of the server because he forgot to add himself to the users group before he restarted ssh. I would also take note of any programs that use ssh so you don't lock them out.
# vi /etc/ssh/sshd_configAdd the following line to the /etc/ssh/sshd_config file.
AllowGroups users
You can use any group you want, you don't have to use the users group. Often you will find that many people like to use the group sshusers for this function. I use the default group users, because all the user accounts use SSH to access my servers. Make sure you check all you application accounts and make use they are the in the group that are using for SSH. otherwise your applications may no longer work.To have the changes take affect you need to restart the sshd process.
# svcadm restart ssh
or
# /etc/rc2.d/K03sshd stop
# /etc/rc2.d/K03sshd start Test the the new setup by trying to login with one accout not in the users group and one that is. The account that is in the users group should be able to login, but the account that is not should not.
If you have anything to add please post below.
No comments:
Post a Comment