Question restricting ssh access for some users only
Mark Ogden
ogden at eng.utah.edu
Thu Oct 7 11:05:31 PDT 2004
Volker Kindermann on Thu, Oct 07, 2004 at 07:54:17PM +0200 wrote:
> Hi Jim,
>
>
> > I've used ssh as a secure telnet up to now but done little else with
> > it. The FreeBSD machines I look after on our internet-facing network
> > all have one account which I connect to for administration. I've set
> > up /etc/hosts.allow on all the machines to only allow ssh from a
> > limited internal network range.
> >
> > Now I want to create a new account on one machine which will be
> > accessible from the Internet as a whole, to be used for tunnelling of
> > SMTP and POP3. I can't predict what the client IP address will be so I
> > will have to remove the hosts.allow restriction.
>
> have you considered the "AllowGroups" and "AllowUsers" directives of
> sshd_config? They should provide exact the functionality that you want.
But what if you have 1000 users? From my understanding you would have
to add all users to the AllowUsers list.
-Mark
>
> -volker
More information about the freebsd-security
mailing list