For how to add SSH Authman for users, please see the article How to use SSH Authman - for users.

Step-by-step guide

Select a script option: either Python or Bash, with or without cache.

Create ssh cache directory (as root)

mkdir /var/ssh_cache
chown nobody:(root group) /var/ssh_cache
chmod 750 /var/ssh_cache

In /etc/ssh/sshd_config

Example using bash/with_cache.sh as authman_command_cache.sh

Copy the selected script to /usr/local/bin/authman_command_cache.sh

Make changes to the script

chown root:nogroup /usr/local/bin/authman_command_cache.sh
chmod 750 /usr/local/bin/authman_command_cache.sh

On Red Hat systems, use nobody instead of nogroup.

Ensure the following lines are present in /etc/ssh/sshd_config:

AuthorizedKeysCommand /usr/local/bin/authman_command_cache.sh
AuthorizedKeysCommandUser nobody

You can put this under a match clause if you wish to restrict it to specific users/groups. For example:

Match User rgoggin
    AuthorizedKeysCommand /usr/local/bin/authman_command_cache.sh
    AuthorizedKeysCommandUser nobody

Match Group istiss
    AuthorizedKeysCommand /usr/local/bin/authman_command_cache.sh
    AuthorizedKeysCommandUser nobody

Or negate it for specific users/groups:

AuthorizedKeysCommand /usr/local/bin/authman_command_cache.sh
AuthorizedKeysCommandUser nobody

Match User root,git,www-data
    AuthorizedKeysCommand none

Match Group postgres
    AuthorizedKeysCommand none

After making modifications to /etc/ssh/sshd_config, reload the configuration. The method depends on your system; use one of the following:

systemctl reload sshd

service sshd reload

kill -HUP SSHDPID
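
A pre-reload check for the setup above, as an added example that is not part of the original article: it verifies the conditions sshd places on an AuthorizedKeysCommand program (absolute path, owned by root, not writable by group or others), lints the config text, and runs sshd's own test mode. The function names are hypothetical and GNU stat is assumed.

```shell
# Added example; function names are hypothetical. Assumes GNU stat (stat -c).

# sshd only runs an AuthorizedKeysCommand that is an absolute path, owned by
# root, and not writable by group or others.
check_keys_command() {
    cmd=$1
    want_uid=${2:-0}                      # expected owner uid, 0 = root
    case $cmd in
        /*) ;;
        *) echo "not an absolute path: $cmd" >&2; return 1 ;;
    esac
    [ -f "$cmd" ] || { echo "missing: $cmd" >&2; return 1; }
    set -- $(stat -c '%u %a' "$cmd")      # $1 = owner uid, $2 = octal mode
    [ "$1" = "$want_uid" ] || { echo "$cmd: owner uid $1, want $want_uid" >&2; return 1; }
    if [ $(( 0$2 & 022 )) -ne 0 ]; then   # 022 = group-write | other-write
        echo "$cmd: mode $2 is writable by group or others" >&2; return 1
    fi
}

# Lint sshd_config text for two mistakes sshd rejects: a command with no
# AuthorizedKeysCommandUser, and spaces inside a Match pattern list.
lint_sshd_config() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "authorizedkeyscommand" && tolower($2) != "none" { cmd = 1 }
        tolower($1) == "authorizedkeyscommanduser" { user = 1 }
        tolower($1) == "match" && /,[ \t]/ {
            printf "line %d: space inside Match pattern list\n", NR; bad = 1
        }
        END {
            if (cmd && !user) { print "AuthorizedKeysCommandUser is not set"; bad = 1 }
            exit bad + 0
        }
    ' "$1" >&2
}

# Run as root before reloading; sshd -t is sshd's own configuration test.
authman_preflight() {
    check_keys_command /usr/local/bin/authman_command_cache.sh 0 &&
    lint_sshd_config /etc/ssh/sshd_config &&
    sshd -t
}
```

Call authman_preflight as root and reload sshd only if it returns 0.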

Need help?

Please submit support requests to ist-iss-general@rt.uwaterloo.ca.
