How can I protect serial console which if forwarded over RS232-Ethernet to WAN?
Is it possible? I was thinking about it, but I can't figure it out.
Is it possible to allow login through serial console only for specific user?
Asked
Active
Viewed 227 times
2 Answers
0
Add pam_succeed_if to the auth part of PAM's login stack with a condition that allows only people within a certain group to log in, e.g. user ingroup clogin.
Ignacio Vazquez-Abrams
- 45,939
- 6
- 79
- 84
0
Can't you get to your RS232 interface after logging in with SSH (on a different server/firewall) first? I break out in a cold sweat when I hear about un-encrypted root or RS232 sessions :-)
DutchUncle
- 1,265
- 8
- 16
-
This only works if you don't need to protect it from the people that can SSH in. – Ignacio Vazquez-Abrams Jan 15 '11 at 13:45
-
I have gained better understanding of the context of your question, I'm sorry I assumed you were a noob running unencrypted sessions :-) – DutchUncle Jan 15 '11 at 14:22
-
Well, if nothing will help me, I will go your way, but currently I'm trying do it differently ... – Ency Jan 15 '11 at 16:27