SSH security

[douglasfim]

I'm having the following problem

SSH on the server I have 3 users

root - locked in sshd_config
douglas - locked in sshd_config
dgf - allowed

if I access the user dgf, I can login with the user douglas $ su douglas

the user can try to break the password, do not you think? because there is no limit on login attempt and will use the server processing, how to fix this?

I tried changing the permission of the command "su ", but it was not possible

 

[Alt]

Its not ssh related problem.
I think you should dig about pam.conf

 

[francis]

Maybe remove dgf user from wheel group with pw(8) utility, so he will be not able to use su command?
Of course if he is in that group. Surely this command is used to become another user.

I hope that You remember about the other security issues?

 

[DutchDaemon]

The wheel group only affects who can su root, not who can su in general.

 

[douglasfim]

dgf user is no longer part of the group wheel

now it's all right, thank you

 

[DutchDaemon]

That 'solution' defies logic. A user does not have to be part of the wheel group to su any other user, root excepted.

# groups user1
user1

$ id
uid=1002(user1) gid=1002(user1) groups=1002(user1)
$ su - user2
Password:
$ id
uid=1003(user2) gid=1003(user2) groups=1003(user2)

 

[douglasfim]

solved, thanks