Re: ssh and root logins
Russell Coker <russell@coker.com.au> wrote:
> Ideally we would be able to specify a list of acceptable IP addresses
> for each account, both in a central file and in per-user config
> files. It would be really great if someone would write code to do
> this!
It is already possible to specify such a list in a system-wide
configuration file (sshd_config):
| AllowUsers
| [...]
| If the pattern takes the form USER@HOST then USER and
| HOST are separately checked, restricting logins to
| particular users from particular hosts.
sshd_config(5)
And when using keypair authentication, ordinary users can restrict the
hosts their keys may be used from as well:
| AUTHORIZED_KEYS FILE FORMAT
| [...]
| from="pattern-list"
| Specifies that in addition to RSA authentication, the
| canonical name of the remote host must be present in the
| comma-separated list of patterns
sshd(8)
Paul
Reply to: