~~NOCACHE~~
## 72.アクセス管理-pam.d-sshd

### /etc/pam.d/sshd設定
<sxh bash; gutter:True>
#変更
vi /etc/pam.d/sshd

</sxh>

### /etc/pam.d/sshd設定詳細
ハイライト行を追記する。
%%/etc/security/access.conf%%の設定を反映する。
%%pam_access.so%%は%%/etc/security/access.conf%%に書かれた制限を適用します。
<sxh bash; highlight: [5]; gutter:True;>
#%PAM-1.0
auth       substack     password-auth
auth       include      postlogin
account    required     pam_sepermit.so
account    required     pam_access.so
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    optional     pam_motd.so
session    include      password-auth
session    include      postlogin
</sxh>
https://plaza.rakuten.co.jp/takaokin/diary/201808130000/

### /etc/pam.d/sshd初期値
<sxh bash; gutter:True>
#%PAM-1.0
auth       substack     password-auth
auth       include      postlogin
account    required     pam_sepermit.so
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    optional     pam_motd.so
session    include      password-auth
session    include      postlogin
</sxh>

{{tag>AWS RHEL 実践的}}