Question restricting ssh access for some users only

Mark Skurzynski mark at lomag.net
Thu Oct 7 11:51:04 PDT 2004


Hi Fellow Marks,

I normally don't reply here; however, the simple solution is to run a 2nd
instance of sshd on any random port you choose, i.e. "sshd -f
/etc/ssh/sshd_config_private" or whatever you choose. You could then easily
firewall that port and only allow specific IPs to connect.

Thanks,

Mark

-- 
****************************************************
  Mark Skurzynski  *  Lomag Internet Services, LLC
  mark at lomag.net   *  http://www.lomag.net
  Edison, NJ USA   *  908-754-2296
****************************************************

----- Original Message ----- 
From: "Mark Stanislav" <KryptoBSD at uncompiled.com>
To: "Mark Ogden" <ogden at eng.utah.edu>
Cc: <freebsd-security at freebsd.org>
Sent: Thursday, October 07, 2004 2:39 PM
Subject: Re: Question restricting ssh access for some users only


>
> On Oct 7, 2004, at 2:34 PM, Mark Ogden wrote:
>
> > Vlad GALU on Thu, Oct 07, 2004 at 09:22:16PM +0300 wrote:
> >> On Thu, 7 Oct 2004 12:06:30 -0600, Mark Ogden <ogden at eng.utah.edu>
> >> wrote:
> >>> Volker Kindermann on Thu, Oct 07, 2004 at 07:54:17PM +0200 wrote:
> >>>> Hi Jim,
> >>>>
> >>>>
> >>> But what if you have 1000 users? From my understanding you would have
> >>> to add all users to the AllowUsers list.
> >>
>
> Why can't you just make a script to do that?
>
> >>     Or simply add all of them to one of the groups specified in
> >> "AllowGroups".
> >
> > Yes I do understand how that would work. Let me better explain what we
> > would like to do: We have over 9000 users and about 100 different
> > groups. We would like to allow root ssh login to our machines but only
> > from one or two machines. We like to have root login to be able to run
> > remote commands to all our machines. So is there a way to limit root's
> > login from one or two machines?
>
> Why not just let them use 'sudo' or better yet, just give them access
> to become root after they login to their initial shell?
>
> -Mark
>
> >
> > -Mark
> >
> > _______________________________________________
> > freebsd-security at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-security
> > To unsubscribe, send any mail to
> > "freebsd-security-unsubscribe at freebsd.org"
>
>
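
The second-instance setup suggested in the reply above, as an added example that is not part of the original message: a shell script that validates its inputs and prints a private sshd config plus matching ipfw rules for review, without applying anything. Port 2222, the 192.0.2.x admin addresses, the PidFile path, the root-only AllowUsers line and the ipfw rule numbers are assumptions.

```sh
# Added example: render (not apply) settings for a second, root-only sshd.
# Port 2222, the 192.0.2.x hosts and rule numbers are constructed values.

valid_port() {   # digits only, 1-65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {   # dotted quad, each octet 0-255; rejects anything else
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1; done
}

check_args() {   # PORT IP [IP...]
    valid_port "$1" || { echo "bad port: $1" >&2; return 1; }
    shift; [ "$#" -ge 1 ] || { echo "no admin IP given" >&2; return 1; }
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "bad IPv4 address: $ip" >&2; return 1; }
    done
}

gen_sshd_config() {   # PORT IP [IP...] -> config text on stdout
    check_args "$@" || return 1
    port=$1; shift; users=
    for ip in "$@"; do users="$users root@$ip"; done
    cat <<EOF
# Second sshd instance, started with: sshd -f /etc/ssh/sshd_config_private
Port $port
PidFile /var/run/sshd_private.pid
PermitRootLogin yes
AllowUsers$users
EOF
}

gen_ipfw_rules() {   # PORT IP [IP...] -> ipfw commands on stdout
    check_args "$@" || return 1
    port=$1; shift; n=1000
    for ip in "$@"; do
        echo "ipfw add $n allow tcp from $ip to me $port"; n=$((n + 10))
    done
    echo "ipfw add $n deny tcp from any to me $port"
}

# Print both for review; nothing is written to disk or loaded.
gen_sshd_config 2222 192.0.2.10 192.0.2.11
gen_ipfw_rules 2222 192.0.2.10 192.0.2.11
```

The separate PidFile keeps the second daemon from overwriting the main instance's pid file, and the main sshd_config can then set PermitRootLogin no so root logins are only possible through the firewalled port.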


