docs/80416: Add information on how to use AllowUsers to the OpenSSH section
Brad Davis
so14k at so14k.com
Wed Apr 27 18:50:22 UTC 2005
>Number: 80416
>Category: docs
>Synopsis: Add information on how to use AllowUsers to the OpenSSH section
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-doc
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Wed Apr 27 18:50:20 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Brad Davis
>Release: FreeBSD 5.4-STABLE i386
>Organization:
>Environment:
System: FreeBSD mccaffrey.house.so14k.com 5.4-STABLE FreeBSD 5.4-STABLE #0: Wed Apr 20 22:22:19 MDT 2005 root at mccaffrey.house.so14k.com:/usr/obj/usr/src/sys/SMP i386
>Description:
Add information on how to use AllowUsers to the OpenSSH section.
>How-To-Repeat:
>Fix:
--- doc-ori/en_US.ISO8859-1/books/handbook/security/chapter.sgml Wed Apr 27 01:28:51 2005
+++ doc/en_US.ISO8859-1/books/handbook/security/chapter.sgml Wed Apr 27 05:55:23 2005
@@ -1,4 +1,4 @@
-<!--
+t!--
The FreeBSD Documentation Project
$FreeBSD: doc/en_US.ISO8859-1/books/handbook/security/chapter.sgml,v 1.269 2005/04/26 13:43:06 keramida Exp $
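Review bot: The first changed line of this hunk replaces the comment opener "<!--" with "t!--", which looks like a stray keystroke. With that change the header comment at the top of chapter.sgml is never opened and the file will no longer parse as SGML. This hunk is unrelated to the AllowUsers text and should be dropped from the patch.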
@@ -4543,6 +4543,39 @@
8000, successfully evading the firewall.</para>
</sect4>
</sect3>
+ </sect2>
+
+ <sect2>
+ <title>AllowUsers - Controlling what users are allowed to login
+ and from where</title>
+
+ <para>It is often a good idea to only allow users to login from a
+ certain host and not allow other users to login at all.
+ AllowUsers is a good way to accomplish this. For example, to
+ only allow the root user to login from <hostid
+ role="ipaddr">192.168.1.32</hostid>, something like this would
+ be appropriate for &man.sshd_config.5;:</para>
+
+ <programlisting>AllowUsers root at 192.168.1.32</programlisting>
+
+ <para>To allow a user, admin, to login from anywhere, use a
+ <quote>*</quote>:</para>
+
+ <programlisting>AllowUsers admin@*</programlisting>
+
+ <para>Multiple users will all be listed on the same line:</para>
+
+ <programlisting>AllowUsers root at 192.168.1.32 admin@*</programlisting>
+
+ <note>
+ <para>It is important that you list each user that needs to
+ login to this machine, otherwise they will be locked out.</para>
+ </note>
+
+ <para>After making any changes to <filename>sshd_config</filename>
+ you must restart &man.sshd.8; by running:</para>
+
+ <programlisting>&prompt.root; killall -HUP sshd</programlisting>
</sect2>
<sect2>
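Review bot: In the first and third programlisting of the new section, the pattern reads "root at 192.168.1.32", while the second listing uses "admin@*". AllowUsers takes a space-separated list of patterns, so a line written with those spaces would be read as three separate user patterns (root, at, 192.168.1.32) and would not restrict root to that host at all. Please confirm the committed text uses the USER@HOST form in both listings, since the mail archive may have rewritten the "@". A second point on the last listing: the paragraph says sshd must be restarted, but "killall -HUP sshd" signals every sshd process, including the ones serving existing sessions, not only the listening daemon. Consider signalling just the master process (for example through its pid file) and wording the step as a reload. It would also help if the note about lockout suggested keeping the current session open until a new login has been tested.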
>Release-Note:
>Audit-Trail:
>Unformatted: