Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
linux_ssh_access [2020/09/01 17:58]
pgh5a
linux_ssh_access [2020/09/01 18:02] (current)
pgh5a
Line 76: Line 76:
  
 <​code>​ <​code>​
-username@portal01:​~$ ping portal03+abc1de@portal01:​~$ ping portal03
 PING portal03.cs.virginia.edu (128.143.67.43) 56(84) bytes of data. PING portal03.cs.virginia.edu (128.143.67.43) 56(84) bytes of data.
 64 bytes from portal03.cs.virginia.edu (128.143.67.43):​ icmp_seq=1 ttl=64 time=0.149 ms 64 bytes from portal03.cs.virginia.edu (128.143.67.43):​ icmp_seq=1 ttl=64 time=0.149 ms
Line 88: Line 88:
 === From Linux/Mac OS === === From Linux/Mac OS ===
  
-To log into this server from another computer running Linux/​Unix/​MacOS,​ run the following from a shell:+To log into server from another computer running Linux/​Unix/​MacOS,​ run the following from a shell:
  
 <​code>​ <​code>​
-username@host ~ $ ssh username@gpusrv04.cs.virginia.edu +abc1de@host ~ $ ssh username@gpusrv04.cs.virginia.edu 
-username@gpusrv04'​s password: ​                             <- Enter Password+abc1de@gpusrv04'​s password: ​                             <- Enter Password
 ... ...
-[username@gpusrv04 ~]$+[abc1de@gpusrv04 ~]$
 </​code>​ </​code>​
  
Line 109: Line 109:
 === Login Restrictions (Info for Faculty) === === Login Restrictions (Info for Faculty) ===
  
-Here in CS we want to give all of our users fair and equal access to whatever computing resources we have to offer. ​ For this reason we are discontinuing the practice of restricting ​login access to certain servers. ​ However, there are a number of servers that still have access restrictions in place. ​ This article is to show users with ''​%%sudo%%''​ privileges how to edit ''​%%/​etc/​security/​time.conf%%''​ to allow user logins.+We want to give all of our users fair and equal access to whatever computing resources we have to offer. ​We do not restrict ​login access to certain servers. ​ However, there are a number of servers that still have access restrictions in place. ​ This article is to show users with ''​%%sudo%%''​ privileges how to edit ''​%%/​etc/​security/​time.conf%%''​ to allow user logins.
  
 There are several configuration files located in ''​%%/​etc/​security%%''​ on Linux servers. ​ In this directory, we can use ''​%%time.conf%%''​ to restrict ssh login to a specific set of user accounts. There are several configuration files located in ''​%%/​etc/​security%%''​ on Linux servers. ​ In this directory, we can use ''​%%time.conf%%''​ to restrict ssh login to a specific set of user accounts.
- 
-=== PAM Setup === 
- 
-This section can be skipped over if your server has already been configured with login restrictions. 
  
 By default, access rules in ''​%%time.conf%%''​ are not used unless a //PAM module// (pluggable authentication module) is configured to read them.  This is done by adding a line to the ''​%%sshd%%''​ //PAM// module file.  ​ By default, access rules in ''​%%time.conf%%''​ are not used unless a //PAM module// (pluggable authentication module) is configured to read them.  This is done by adding a line to the ''​%%sshd%%''​ //PAM// module file.  ​
Line 124: Line 120:
 account ​            ​required ​               pam_time.so account ​            ​required ​               pam_time.so
 </​code>​ </​code>​
- 
-=== time.conf === 
  
 Now that //PAM// is configured to read ''​%%time.conf%%''​ we can now put in a rule.  Here is an example rule from ''​%%time.conf%%'':​ Now that //PAM// is configured to read ''​%%time.conf%%''​ we can now put in a rule.  Here is an example rule from ''​%%time.conf%%'':​
  • linux_ssh_access.txt
  • Last modified: 2020/09/01 18:02
  • by pgh5a