Re: Restricting ssh access to internet but not to internal network
On Thu, 24 Nov 2005, Patrick wrote:
> I have a server running sshd on Sarge. I want all users to be able to
> access the computer from within the internal network - but restrict
> access from the internet (to users in a particular group). Can this be
> achieved by combining the /etc/hosts.allow or /etc/hosts.deny files and
> the AllowGroup (or AllowUsers) options in sshd configuration file?

You are looking for pam_access.

weasel@lore:~$ grep -C3 access /etc/pam.d/ssh
# Standard Un*x authentication.
@include common-auth
# do etc/security/access checks
# weasel, Fri, 25 Feb 2005 12:05:42 +0100
account required pam_access.so # [1]
# Standard Un*x authorization.
@include common-account

weasel@lore:~$ tail -n5 /etc/security/access.conf
# weasel, Fri, 25 Feb 2005 12:06:57 +0100
+:ALL:127.
+:ALL:192.0.2.
+:weasel:ALL
-:ALL:ALL

HTH.
--
PGP signed and encrypted | .''`. ** Debian GNU/Linux **
messages preferred. | : :' : The universal
| `. `' Operating System
http://www.palfrader.org/ | `- http://www.debian.org/
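
Added example, not part of the original message and not pam_access's own code: a simplified Python model of how the access.conf rules quoted above are evaluated (first matching line wins), plus a constructed variant that admits a group instead of a single user, as the question asked. The group name "sshremote", the user "patrick" and the 203.0.113.x addresses are assumptions made for illustration.

```python
# Simplified model of pam_access rule evaluation (added example). Handles only
# ALL, login names, "(group)" entries and origin prefixes ending in "."; it
# does not cover netmasks, hostnames, EXCEPT or LOCAL.

ACCESS_CONF = """\
+:ALL:127.
+:ALL:192.0.2.
+:weasel:ALL
-:ALL:ALL
"""

# Constructed variant: a (hypothetical) group instead of one named user.
GROUP_CONF = ACCESS_CONF.replace("+:weasel:ALL", "+:(sshremote):ALL")


def parse(conf):
    """Return [(permit, user_tokens, origin_tokens)], skipping comments."""
    rules = []
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            perm, users, origins = line.split(":", 2)
            rules.append((perm == "+", users.split(), origins.split()))
    return rules


def user_matches(token, user, groups):
    if token.startswith("(") and token.endswith(")"):
        return token[1:-1] in groups      # explicit group entry
    return token in ("ALL", user)


def origin_matches(token, addr):
    if token.endswith("."):
        return addr.startswith(token)     # "192.0.2." is a network prefix
    return token in ("ALL", addr)


def allowed(conf, user, addr, groups=()):
    """Decision of the first rule whose user and origin fields both match."""
    for permit, users, origins in parse(conf):
        if any(user_matches(t, user, groups) for t in users) and \
           any(origin_matches(t, addr) for t in origins):
            return permit
    # No rule matched: pam_access then permits, hence the final "-:ALL:ALL".
    return True
```

Because the first match decides, the "+" lines have to come before the closing "-:ALL:ALL"; with that line first, every login would be refused.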