Subject: Re: shell log-in restrictions
> > > anyone have any idea how do I allow a user to log-in to an
> > > interactive shell ony if he's on tty1-6 ? i.e., i dont want him logging in
> > > except on the server itself.
> >
> > /etc/login.access
> > +:theuser:console
> > -:theuser:ALL
>
> I doubt sshd checks that file. (I didn't try, but if you do a "strings
> /bin/login" you'll spot `/etc/login.access' somewhere. Same check on
> /usr/sbin/sshd found no such string. I know it's not quite a proof, but
> it does suggest something...)
>
> Before sending this msg I thought I'd check in.telnetd: no login.access
> there either...
login.access is checked by /bin/login. Telnetd execs that,
I believe. Ssh by default doesn't - you can enable it with
"UseLogin yes".
Ssh obeys a "DenyGroups" and "DenyUsers" directives,
though.