How to prevent remote login, but enable a local 'su username'

How to prevent remote login, but enable a local 'su username' We are writing an application (perl, mysql) that will run headless on a *nix (likely CENTOS).
Asked by: Guest \| Views: 300

Total answers/comments: 1

Comments display order:

bert [Entry]

"put all users into a group 'remote_users' and specify in your sshd.conf, that only users from that groups are allowed to login via ssh:

AllowGroups

This keyword can be followed by a list of group name patterns,
separated by spaces. If specified, login is allowed only for
users whose primary group or supplementary group list matches one
of the patterns. Only group names are valid; a numerical group
ID is not recognized. By default, login is allowed for all
groups. The allow/deny directives are processed in the following
order: DenyUsers, AllowUsers, DenyGroups, and finally
AllowGroups."