Re: Question restricting ssh access for some users only

• Previous message: Vlad GALU: "Re: Question restricting ssh access for some users only"
• In reply to: Mark Ogden: "Re: Question restricting ssh access for some users only"
• Next in thread: Kevin: "Re: Question restricting ssh access for some users only"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Mark Ogden" <ogden@eng.utah.edu>, "Volker Kindermann" <ml@ps102.de>
Date: Thu, 7 Oct 2004 11:23:27 -0700

User the AllowGroups .. and have all the users who should have SSH access in
that particular group .. perhaps be default have an SSH users group be the
SSHable group.

----- Original Message -----
From: "Mark Ogden" <ogden@eng.utah.edu>
To: "Volker Kindermann" <ml@ps102.de>
Cc: <freebsd-security@freebsd.org>
Sent: Thursday, October 07, 2004 11:06 AM
Subject: Re: Question restricting ssh access for some users only

> Volker Kindermann on Thu, Oct 07, 2004 at 07:54:17PM +0200 wrote:
> > Hi Jim,
> >
> >
> > > I've used ssh as a secure telnet up to now but done little else with
> > > it. The FreeBSD machines I look after on our internet-facing network
> > > all have one account which I connect to for administration. I've set
> > > up /etc/hosts.allow on all the machines to only allow ssh from a
> > > limited internal network range.
> > >
> > > Now I want to create a new account on one machine which will be
> > > accessible from the Internet as a whole, to be used for tunnelling of
> > > SMTP and POP3. I can't predict what the client IP address will be so I
> > > will have to remove the hosts.allow restriction.
> >
> > have you considered the "AllowGroups" and "AllowUsers" directives of
> > sshd_config? They should provide exact the functionality that you want.
>
> But what if you have 1000 users? From my understanding you would have
> to add all users to the AllowUsers list.
>
> -Mark
> >
> > -volker
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to
"freebsd-security-unsubscribe@freebsd.org"

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

• Previous message: Vlad GALU: "Re: Question restricting ssh access for some users only"
• In reply to: Mark Ogden: "Re: Question restricting ssh access for some users only"
• Next in thread: Kevin: "Re: Question restricting ssh access for some users only"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Restricting SSH access to only a users home directory..... ... Restricting SSH access to only a users home directory..... ... To unsubscribe, ... (freebsd-questions) Re: IRC protocol blocked ... > allows ssh access to a remote shell account, you can run a text-mode IRC ... If you have ssh access, ... ssh -X yourname@remote xapplication ... To UNSUBSCRIBE, email to debian-user-request@lists.debian.org ... (Debian-User) wrap sshd ... i am trying to restrict the ssh access to my machine from a specific ... machine and i am using hosts.allow but does not wor for me this is ... To unsubscribe, ... (freebsd-questions) Re: More SSH trolling ... Mike Ramirez wrote: ... What I do is only allow certain user names ssh access from outside. ... This only allows my son and I to use ssh; ... To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list ... (Fedora)