[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ssh and root logins

Russell Coker <russell@coker.com.au> wrote:

> Ideally we would be able to specify a list of acceptable IP addresses
> for each account, both in a central file and in per-user config
> files.  It would be really great if someone would write code to do
> this!

It is already possible to specify such a list in a system-wide
configuration file (sshd_config):

|     AllowUsers

| [...]

|             If the pattern takes the form USER@HOST then USER and
|             HOST are separately checked, restricting logins to
|             particular users from particular hosts.


And when using keypair authentication, ordinary users can restrict the
hosts their keys may be used from as well:


| [...]

|     from="pattern-list"
|             Specifies that in addition to RSA authentication, the
|             canonical name of the remote host must be present in the
|             comma-separated list of patterns



Reply to: