Re: Question restricting ssh access for some users only

• Previous message: Mark Ogden: "Re: Question restricting ssh access for some users only"
• In reply to: Mark Ogden: "Re: Question restricting ssh access for some users only"
• Next in thread: Mark Skurzynski: "Re: Question restricting ssh access for some users only"
• Reply: Mark Skurzynski: "Re: Question restricting ssh access for some users only"
• Reply: Mark Ogden: "Re: Question restricting ssh access for some users only"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 07 Oct 2004 14:39:35 -0400
To: Mark Ogden <ogden@eng.utah.edu>

On Oct 7, 2004, at 2:34 PM, Mark Ogden wrote:

> Vlad GALU on Thu, Oct 07, 2004 at 09:22:16PM +0300 wrote:
>> On Thu, 7 Oct 2004 12:06:30 -0600, Mark Ogden <ogden@eng.utah.edu>
>> wrote:
>>> Volker Kindermann on Thu, Oct 07, 2004 at 07:54:17PM +0200 wrote:
>>>> Hi Jim,
>>>>
>>>>
>>> But what if you have 1000 users? From my understanding you would have
>>> to add all users to the AllowUsers list.
>>

Why can't you just make a script to do that?

>> Or simply add all of them to one of the groups specified in
>> "AllowGroups".
>
> Yes I do understand how that would work. Yet me better explain what we
> would like to do: We have over 9000 users and about 100 different
> groups. We would like to allow root ssh login to our machines but only
> from one or two machines. We like to have root login to be able to run
> remote commands to all our machines. So is there a way to limit roots
> login from one or two machines?

Why not just let them use 'sudo' or better yet, just give them access
to become root after they login to their initial shell?

-Mark

>
> -Mark
>
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to
> "freebsd-security-unsubscribe@freebsd.org"

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

• Previous message: Mark Ogden: "Re: Question restricting ssh access for some users only"
• In reply to: Mark Ogden: "Re: Question restricting ssh access for some users only"
• Next in thread: Mark Skurzynski: "Re: Question restricting ssh access for some users only"
• Reply: Mark Skurzynski: "Re: Question restricting ssh access for some users only"
• Reply: Mark Ogden: "Re: Question restricting ssh access for some users only"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Question restricting ssh access for some users only ... instance of sshd on any random port you choose, ... We would like to allow root ssh login to our machines but only ... (FreeBSD-Security) Re: Unable to su as a user, I get: Cannot execute /bin/bash: Permission denied ... on the xconsole screen..it lets me login and then bounces me ... execute /bin/bash: Permission denied ... It'll be executed by the user, not root. ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ... (Debian-User) Re: Question restricting ssh access for some users only ... We would like to allow root ssh login to our machines but only ... > Why not just let them use 'sudo' or better yet, ... (FreeBSD-Security) Re: Question restricting ssh access for some users only ... We would like to allow root ssh login to our machines but only ... (FreeBSD-Security) Re: authentication failure ... When I login using root last night, I type in wrong password more than 5 times. ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ... Trouble? ... (Debian-User)