2

Our Linux HPC server (RHEL 7) only accepts logins to interactive sessions from users with UID >= 1000. However, some of our users have UID lower than that because their usernames were created on a separate old server using RHEL 6 (which assigns UIDs from 500).

I understand I can change the UID assigned to new users by changing the proper values on /etc/login.defs. Is there a way to change the minimum UID allowed to SSH into our server?

Also, I think the lowest UID in my case would be in the 800s, would changing the minimum allowed UID introduce any serious security issues? From this answer, I understand the worst that can happen is a conflict with some program (whatever that means, exactly).

Improve this question
5
  • 1
    This might be a PAM configuration issue, not an sshd configuration issue. See, for example, forums.centos.org/viewtopic.php?t=60922&start=10 Commented Jul 1, 2020 at 13:27
  • 1
    Another option would be to just update the users' UIDs Commented Jul 1, 2020 at 13:31
  • @AndyDalton, editing files on /etc/pam.d/ looks like the key to this, unfortunately my files have a big "UNDER CFENGINE CONTROL. DO NOT EDIT! ANY CHANGES WILL BE LOST!" comment at the top, so I guess I'll have to dig deeper and learn about configuring CFEngine. Commented Jul 2, 2020 at 8:46
  • I dont know what cfengine might be, but my understanding is that the pam files are usually updated when you run authconfig --update when it will read changes made to /etc/login.defs, for example, to change /etc/pam.d/system-auth. Commented Jul 2, 2020 at 8:51
  • @Andy, you're definitely right. Post your comment as an answer, so Waldir can award credit? I vote the CFEngine stuff is extraneous in our scope. Commented Jul 6, 2020 at 6:11

0

Reset to default

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.