You can see this as a security feature or as a work/life-balance feature. Either way, the capability to limit SSH logins to a certain time span is quite useful.
Such a limitation was integrated into Solaris with 11.2. The enforcement is done by pam_unix_account. The man page describes this function of the module as follows: “Validate that the user is permitted to access the PAM service at the current time and day of the week.”
Let’s assume you want to ensure that user junior is only allowed onto your system between 07:00 and 17:00. I will simply limit all services that are used by ssh. Log into your server as root:
root@testbed:~# usermod -K access_times='{sshd-none,sshd-password,sshd-kbdint,sshd-pubkey,sshd-hostbased}:Wk0700-1700' junior
Now I’m attempting to ssh into my system shortly before 0700.
jm@Mac ~ % date
Mi 23 Apr 2025 06:58:55 CEST
jm@Mac ~ % ssh junior@192.168.123.123
(junior@192.168.123.123) Password:
pam_unix_account: User junior may not use the sshd-kbdint service at this time.
junior@192.168.123.123's password:
pam_unix_account: User junior may not use the sshd-password service at this time.
Connection closed by 192.168.123.123 port 22
Access is denied. So grab a coffee, go to the restroom, and let’s try again after a few minutes.
joergmoellenkamp@Mac ~ % ssh junior@192.168.123.123
(junior@192.168.123.123) Password:
Last login: Tue Apr 22 19:28:55 2025 from 192.168.122.122
Oracle Solaris 11.4.80.189.2 Assembled March 2025
junior@testbed:~$ date
Wed Apr 23 07:02:36 CEST 2025
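As an added example (not part of the original post and not Solaris code), the following shell function evaluates the entry set above for a given service, day and time, so the window can be checked offline. It assumes that `Wk` means Monday to Friday, that the window includes its start and excludes its end, and that a service missing from the list is not covered by the entry; `check_access` and its output words are hypothetical names.

```shell
#!/bin/sh
# Added example: offline evaluation of one access_times entry.
# Assumptions (not stated in the post): "Wk" = Mo-Fr, the window is
# start-inclusive/end-exclusive, unlisted services are not covered.

# The entry from the usermod command above.
ENTRY='{sshd-none,sshd-password,sshd-kbdint,sshd-pubkey,sshd-hostbased}:Wk0700-1700'

# check_access ENTRY SERVICE DAY HHMM -> prints allow, deny or not-covered
# DAY is a two-letter abbreviation (Mo Tu We Th Fr Sa Su), HHMM is 24h.
check_access() {
    entry=$1 service=$2 day=$3 now=$4

    services=${entry%%:*}       # {sshd-none,...,sshd-hostbased}
    services=${services#?}      # drop leading brace
    services=${services%?}      # drop trailing brace
    window=${entry#*:}          # Wk0700-1700

    # Only services named in the list are restricted by this entry.
    case ",$services," in
        *",$service,"*) ;;
        *) echo not-covered; return 0 ;;
    esac

    days=${window%%[0-9]*}      # Wk
    range=${window#"$days"}     # 0700-1700
    start=${range%-*}
    end=${range#*-}

    # Day check: Wk expands to the five weekdays, otherwise exact match.
    case "$days:$day" in
        Wk:Mo|Wk:Tu|Wk:We|Wk:Th|Wk:Fr) ;;
        Wk:*) echo deny; return 0 ;;
        *) [ "$days" = "$day" ] || { echo deny; return 0; } ;;
    esac

    # Time check: [ ] compares the zero-padded HHMM values as decimals.
    if [ "$now" -ge "$start" ] && [ "$now" -lt "$end" ]; then
        echo allow
    else
        echo deny
    fi
}

# The two login attempts from the post (Wednesday), plus a Saturday.
check_access "$ENTRY" sshd-kbdint We 0658
check_access "$ENTRY" sshd-kbdint We 0702
check_access "$ENTRY" sshd-pubkey Sa 1000
```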