Re: Question restricting ssh access for some users only

From: Vlad GALU (vladgalu_at_gmail.com)
Date: 10/07/04

    Date: Thu, 7 Oct 2004 21:22:16 +0300
    To: Volker Kindermann <ml@ps102.de>, freebsd-security@freebsd.org
    
    

    On Thu, 7 Oct 2004 12:06:30 -0600, Mark Ogden <ogden@eng.utah.edu> wrote:
    > Volker Kindermann on Thu, Oct 07, 2004 at 07:54:17PM +0200 wrote:
    > > Hi Jim,
    > >
    > >
    > > > I've used ssh as a secure telnet up to now but done little else with
    > > > it. The FreeBSD machines I look after on our internet-facing network
    > > > all have one account which I connect to for administration. I've set
    > > > up /etc/hosts.allow on all the machines to only allow ssh from a
    > > > limited internal network range.
    > > >
    > > > Now I want to create a new account on one machine which will be
    > > > accessible from the Internet as a whole, to be used for tunnelling of
    > > > SMTP and POP3. I can't predict what the client IP address will be so I
    > > > will have to remove the hosts.allow restriction.
    > >
    > > have you considered the "AllowGroups" and "AllowUsers" directives of
    > > sshd_config? They should provide exactly the functionality that you want.
    >
    > But what if you have 1000 users? From my understanding you would have
    > to add all users to the AllowUsers list.

        Or simply add all of them to one of the groups specified in "AllowGroups".

    >
    > -Mark
    >
    >
    > >
    > > -volker
    > _______________________________________________
    > freebsd-security@freebsd.org mailing list
    > http://lists.freebsd.org/mailman/listinfo/freebsd-security
    > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
    >

    -- 
    If it's there, and you can see it, it's real.
    If it's not there, and you can see it, it's virtual.
    If it's there, and you can't see it, it's transparent.
    If it's not there, and you can't see it, you erased it.
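
An added example, not part of the original message: a simplified model of how sshd applies `AllowUsers` and `AllowGroups`, showing that a single group line covers every member and that setting both directives requires a user to pass both. The accounts, the `sshusers` group and the config fragments are constructed; `USER@HOST` patterns, the `Deny*` directives and `Match` blocks are left out.

```python
import fnmatch

# Constructed sample accounts: name -> (primary group, supplementary groups)
ACCOUNTS = {
    "admin":  ("wheel",  {"sshusers"}),
    "tunnel": ("tunnel", {"sshusers"}),
    "alice":  ("staff",  {"sshusers"}),
    "bob":    ("staff",  set()),
}

# Constructed sshd_config fragments (hypothetical group name "sshusers")
CONFIG_GROUPS = "AllowGroups sshusers\n"
CONFIG_BOTH = "AllowUsers admin tunnel\nAllowGroups sshusers\n"


def parse_allow_lists(config_text):
    """Collect AllowUsers/AllowGroups patterns; repeated lines append."""
    lists = {"allowusers": [], "allowgroups": []}
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        keyword, *args = line.split()
        if keyword.lower() in lists:      # keywords are case-insensitive
            lists[keyword.lower()].extend(args)
    return lists


def may_login(user, lists, accounts=ACCOUNTS):
    """An unset list allows everyone; a set list must match (* and ? wildcards)."""
    primary, extra = accounts[user]
    users, groups = lists["allowusers"], lists["allowgroups"]
    if users and not any(fnmatch.fnmatchcase(user, p) for p in users):
        return False
    member_of = {primary} | extra         # primary and supplementary groups count
    if groups and not any(fnmatch.fnmatchcase(g, p)
                          for g in member_of for p in groups):
        return False
    return True


def permitted(config_text):
    """Sorted list of constructed accounts that pass both checks."""
    lists = parse_allow_lists(config_text)
    return sorted(u for u in ACCOUNTS if may_login(u, lists))


if __name__ == "__main__":
    print("AllowGroups only:", permitted(CONFIG_GROUPS))
    print("AllowUsers + AllowGroups:", permitted(CONFIG_BOTH))
```
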
    
