Set the time limit for SSH access on the Centos Server

How do I set a time limit for SSH access? Solution:

To enable the SSH remote logon time limit, you need to set the pluggable authentication module (PAM ). The time limit module is pam_time.so.

Add this module to the following file:

/lib/security/pam_time.so

The following is an example of modifying the file:

#%PAM-1.0auth       required     pam_stack.so service=system-authauth       required     pam_nologin.soaccount    required     pam_stack.so service=system-authaccount    required     pam_time.sopassword   required     pam_stack.so service=system-authsession    required     pam_stack.so service=system-authsession    required     pam_limits.sosession    optional     pam_console.so

The remaining configuration is in the/etc/security/time. conf file. the syntax of this file is as follows:

services;ttys;users;times

Service list controlled by pam tty the virtual terminal users that enables the service use the service user time. The format of this field is date/time, and the date is usually two characters. For example, MoTuSa is Monday, Tuesday, and Wednesday. The acceptable combination of two characters is Mo Tu We Th Fr Sa Su Wk Wd Al

In addition, ALFr indicates all dates except Friday. In addition, you can add "!" to the date/time format. The prefix indicates the reverse value. The start time and stop time of the time range are separated by a horizontal line. The specific time format is also a two-character HHMM that represents the hour and minute. If the end time is smaller than the start time, the system recognizes that the end time is the next day.

Therefore, to restrict jlim from logging on via ssh from five o'clock P.M. AM to am on Monday, Wednesday, and Saturday, refer to the following example:

sshd;*;jlim;MoWeWk0800-1700

Modifications to this file will take effect when any user logs on again. Note that you should test the modification to this restriction to prevent locking users or even root users by mistake.