This is an old revision of the document!

Linux SSH Access

Here in CS we want to give all of our users fair and equal access to whatever computing resources we have to offer. For this reason we are discontinuing the practice of restricting login access to certain servers. However, there are a number of servers that still have access restrictions in place. This article is to show users with sudo privileges how to edit /etc/security/time.conf to allow user logins.

There are several configuration files located in /etc/security on Linux servers. In this directory, we can use time.conf to restrict ssh login to a specific set of user accounts.

PAM Setup

This section can be skipped over if your server has already been configured with login restrictions.

By default, access rules in time.conf are not used unless a PAM module (pluggable authentication module) is configured to read them. This is done by adding a line to the sshd PAM module file.

Add the following line to the file to the end /etc/pam.d/sshd:

account             required      


Now that PAM is configured to read time.conf we can now put in a rule. Here is an example rule from time.conf:


This line is formatted such that the users listed are separated by ampersand & characters. This entry will allow the users root, fls4t, ejs3s and pgh5a are allowed access. Be sure to always include yourself and root in this rule. Failure to do so may result in everyone becoming locked out.

If we wanted to add the user ktm5j to this rule above, we would insert the string &ktm5j like this:


Changes to this file take effect immediately, no services need to be restarted. When editing this file, be sure that you keep at least one active ssh connection until you have tested your changes. This will prevent becoming locked out if any errors are made!

  • linux_ssh_access.1541187537.txt.gz
  • Last modified: 2018/11/02 19:38
  • by ktm5j