We're running a deployment with a large number of API Gateways, and we are using PAM to remotely/centrally control which users can access the API Gateways. So rather than having to go on to individual API Gateways, we can control what users have logon access remotely.
The access control we've installed is working, but we also have to manually edit the "/etc/ssh/ssh_allowed_users" file and add the users names in to there as well. What I want to do is to find and remove the configuration that tells the SSH to use its own access list, but I can't find an option in the "/etc/ssh/sshd_config" and I can't find any example online that deals with a "ssh_allowed_users" file.
Is there a way to stop using "ssh_allowed_users"?
And it seems that rather than looking through the SSH config I needed to be looking at the PAM configuration in "/etc/pam.d/sshd".
In the configuration file there is the line:
"auth requisite pam_listfile.so item=user sense=allow file=/etc/ssh/ssh_allowed_users onerr=succeed"
So I need to find a way to modify this line to get it to stop using the allowed user list file, but at least I found where I had to go to change things.