Sometimes we need to allow user to access SSH in a specific time interval.

For Example : Allow Mike to access SSH service between 1:00 AM to 5:00 AM.

We can achieve this using pam_time module.The pam_time module is an account module type. No arguments are passed directly to the module, but instead all configuration takes place within /etc/security/time.conf.

The time.conf operates based on rules, and each rule uses the following syntax:

services;ttys;users;times

Steps to be followed,

  • SSH to the server and vi /etc/pam.d/sshd

cat /etc/pam.d/sshd
#%PAM-1.0
auth include system-auth
account required pam_time.so
account required pam_nologin.so
account include system-auth
password include system-auth
session optional pam_keyinit.so force revoke
session include system-auth

auth required pam_shells.so

The one in BOLD must be added.

  • vi /etc/pam.d/system-auth

add “account     required      pam_time.so” 

  • vi /etc/security/time.conf

sshd;*;mike;Wk0100-0500

  • Restart sshd service

**Available abbreviates for the days of the week

Mo : Monday
Tu : Tuesday
We : Wednesday
Th : Thursday
Fr : Friday
Sa : Saturday
Su : Sunday
Wd : Sa/Su
wk : Mo/Tu/We/Th/Fr
Al : All Days