On 9/11/10 1:45 AM, ynon repoport wrote:> The denyUsers / AllowUsers option in openSSH does not satisfy our
> needs.
>
> We want to supply our own software to allow/deny sessions based on
> time of day.
>
> I do not know if PAM can do this, but in any case we can not use
> PAM.
A PAM module could do this (eg LinuxPAM's pam_time).
> ? Did someone do such a change in openSSH code
You could potentially add code to Match to invoke an external program,
but it would have to be done very carefully to avoid introducing a
security problem.
Can you describe the system some more? There might be a simple solution
(eg you could swap sshd_config files and SIGHUP sshd from a cron job).
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.