pam_require is a simple Pluggable Authentication Module (PAM) for Linux (and maybe other systems which use PAM). It is an account module that allows you to require a special user or group to access a service.

• pam_require-0.7.tgz
• libpam-require_0.7-1_i386.deb

• pam_require-0.6.tgz
• libpam-require_0.6-2_i386.deb
• pam_require-0.5.tgz
• pam_require-0.4.tgz
• pam_require-0.3.tgz
• pam_require-0.2.tgz

Or check out the code from the GitHub Repository.

/etc/pam.d/ssh:

auth       required     pam_nologin.so
auth       required     pam_unix.so
auth       required     pam_env.so

account    required     pam_unix.so
account    required     pam_require.so @ssh-users admin

session    required     pam_unix.so
session    optional     pam_lastlog.so
session    optional     pam_motd.so
session    optional     pam_mail.so standard noenv
session    required     pam_limits.so

password   required     pam_unix.so

The above example requires a user to be member of the group ssh-users or to be user admin himself to login via ssh.

The full documentation is available in my Wiki