Re: UsersDeny except root@myserver

From: Carl Holtje (holtje_at_freeside.dnsalias.org)
Date: 02/14/04

  • Next message: Pascal J.Bourguignon: "Re: RSA & DSA Authentication - need help"
    Date: Fri, 13 Feb 2004 19:43:41 -0500
    To: Miller Alan <Alan.Miller@is-energy.de>
    
    
    

    Miller Alan wrote:
    > Hallo,
    >
    > Have I missed something in the config options to sshd?
    > It appears to me that the following can't be done using
    > the existing configuration options.
    >
    > I want to Allow all users from all hosts, but at the same time
    > deny all root users except root from 2 specific machines.
    >
    > AllowUsers * root@server1 root@server2
    > DenyUsers root@*
    >
    > The ssh connection from root@server1 doesn't work, because the
    > matching Deny Rule overrides the Allow Rule.
    >
    > Is there a way to do this?

    Sounds crazy, but try fliping the order of your directives.. I have no
    idea if it 'll work, but then you'll be denying everybody by default,
    then allowing everybody plus your two root users...

    Kinda almost sounds counter-intuitive, but might work...

    Carl

    -- 
    "There are 10 types of people in the world: Those who understand binary
    and those that don't."
    $>whoami: Carl Holtje
    $>mail holtje: holtje@freeside.dnsalias.org
    $>cu: http://freeside.dnsalias.org
    $>whois holtje:
       System Administrator Group
       Computer Science Department
       Rochester Institute of Technology
    $>
    
    



  • Next message: Pascal J.Bourguignon: "Re: RSA & DSA Authentication - need help"

    Relevant Pages