Let sshd only accept freenx clients

I installed freeNX (remote GUI access), which is based开发者_开发问答 on sshd service. It means all users who can access freeNX should be assigned a ssh-enabled account.

But I don't want part/all of these users directly access the sshd service via any ssh client.

What can I do?

I don't know freeNX, but if it don't need a shell access, just SSH, you can put /bin/false as the shell for each users in your /etc/passwd file.

For this you must modify the last entry on each correspondent line (usually /bin/bash) to /bin/false.

You can configure your ssh server to accept only specific users & groups by modifying /etc/ssh/sshd_config:

    AllowUsers admin
    AllowGroups freenx_users

Remember to restart your ssh server after you make the change.

    /etc/init.d/ssh restart

More details about AllowUsers and AllowGroups see the man page:

    man sshd_config