I am trying to restrict SSH access for users in the wheel group using PAM and pam_access.so on Red Hat 9. Despite following all necessary steps, users in the wheel group are still able to log in via SSH from remote hosts, which should be denied according to my configuration.
Here’s what I have done so far:
Added the following line to /etc/pam.d/sshd, /etc/pam.d/password-auth, and /etc/pam.d/system-auth:
    account required pam_access.so
Configured PAM for SSH in /etc/ssh/sshd_config:
    UsePAM yes
Configured the rule in /etc/security/access.conf:
    -:wheel:ALL EXCEPT LOCAL
Notes:
Despite all these configurations, users in the wheel group can still log in via SSH from any remote host, which contradicts the intended restriction.
Any insights or guidance would be greatly appreciated.
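For a setup like the one in the question above, one thing worth checking is where the pam_access.so line landed in each account stack: PAM evaluates the lines in order, and an earlier sufficient module that succeeds ends the stack before later lines are consulted. The following is an added example, not part of the original thread; the function name audit_account_stack and both sample stacks are constructed for illustration and are not the poster's files.

```python
import os
import re

def _ends_on_success(control):
    """True if this control value stops the stack when the module succeeds."""
    if control == "sufficient":
        return True
    if control.startswith("["):  # e.g. [success=done default=ignore]
        actions = dict(kv.split("=", 1) for kv in control.strip("[]").split() if "=" in kv)
        return actions.get("success", actions.get("default")) == "done"
    return False

def audit_account_stack(pam_text, target="pam_access.so"):
    """Locate `target` in the account stack and list the earlier lines
    that can return success before it is reached."""
    result = {"target_line": None, "bypass": [], "includes": []}
    for lineno, raw in enumerate(pam_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"-?account\s+(\[[^\]]*\]|\S+)\s+(\S+)", line)
        if not m:
            continue  # not an account line
        control, module = m.group(1), os.path.basename(m.group(2))
        if module == target:
            result["target_line"] = lineno
            break
        if control in ("include", "substack"):
            result["includes"].append((lineno, module))  # audit that file too
        elif _ends_on_success(control):
            result["bypass"].append((lineno, module))
    return result

# Constructed sample: pam_access.so appended at the end of the stack.
APPENDED = """\
# constructed sample account stack
auth        required      pam_env.so
account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 1000 quiet
account     required      pam_permit.so
account     required      pam_access.so
"""

# Constructed sample: pam_access.so placed ahead of any sufficient line.
FIRST = """\
account     required      pam_access.so
account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     required      pam_permit.so
"""

if __name__ == "__main__":
    for name, text in (("APPENDED", APPENDED), ("FIRST", FIRST)):
        print(name, audit_account_stack(text))
```

A non-empty bypass list means the account phase can finish with success before pam_access.so is consulted; any entry under includes needs the same check in the named file.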
I got your point and I encourage you with your family project.
It is often a good way of learning while trying to achieve something useful.
Besides, PAM is well beyond the objectives for RHCSA.
But as it is said in French: Qui peut le plus peut le moins.
Translation (maybe a better one exists): The one that can do more can do less.
Maximus, your words are very kind, and most appreciated!!!
This may sound a little crazy, but your questions serve to
motivate me!!! Keep them coming!!!
I love your current focus - to deepen your understanding, and
to gain practical experience. You'll serve yourself very well
with this approach.
Study as if you're preparing to go perform on a consulting
assignment, and not to take an exam. If you learn on that
level, passing the exams will be a fun experience!!!
Make that learning journey a marathon - not a sprint!!!
Actually, what often happens with me is that I can't stop myself from testing and exploring as many directives as possible in a configuration file until I reach my limit. Only then do I move on to the next 'fun'.
Maximus, that's a GREAT problem to have!!! I have that
same addiction - and I'm not trying to find a cure.
The more you test and explore, the more you'll learn beyond
what's covered in the textbook!! The more you learn, the more
value you'll bring to the table!! The more value you bring to
the table, the more employment opportunities you'll have!!!
Keep your foot on the accelerator of learning!!!
Red Hat
Learning Community