[CentOS] vsftp vs shell logins

Sun Jan 29 21:38:39 UTC 2006
William Suffill <william.suffill at gmail.com>

SSHD_config can be tweaked to block them or just block a whole group
http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config

DenyGroups
             This keyword can be followed by a list of group name patterns,
             separated by spaces.  Login is disallowed for users whose primary
             group or supplementary group list matches one of the patterns.
             `*' and `?' can be used as wildcards in the patterns.  Only group
             names are valid; a numerical group ID is not recognized.  By de-
             fault, login is allowed for all groups.

     DenyUsers
             This keyword can be followed by a list of user name patterns,
             separated by spaces.  Login is disallowed for user names that
             match one of the patterns.  `*' and `?' can be used as wildcards
             in the patterns.  Only user names are valid; a numerical user ID
             is not recognized.  By default, login is allowed for all users.
             If the pattern takes the form USER at HOST then USER and HOST are
             separately checked, restricting logins to particular users from
             particular hosts.