Re: UsersDeny except root@myserver
From: Carl Holtje (holtje_at_freeside.dnsalias.org)
Date: Fri, 13 Feb 2004 19:43:41 -0500 To: Miller Alan <Alan.Miller@is-energy.de>
Miller Alan wrote:
> Have I missed something in the config options to sshd?
> It appears to me that the following can't be done using
> the existing configuration options.
> I want to Allow all users from all hosts, but at the same time
> deny all root users except root from 2 specific machines.
> AllowUsers * root@server1 root@server2
> DenyUsers root@*
> The ssh connection from root@server1 doesn't work, because the
> matching Deny Rule overrides the Allow Rule.
> Is there a way to do this?
Sounds crazy, but try fliping the order of your directives.. I have no
idea if it 'll work, but then you'll be denying everybody by default,
then allowing everybody plus your two root users...
Kinda almost sounds counter-intuitive, but might work...
-- "There are 10 types of people in the world: Those who understand binary and those that don't." $>whoami: Carl Holtje $>mail holtje: email@example.com $>cu: http://freeside.dnsalias.org $>whois holtje: System Administrator Group Computer Science Department Rochester Institute of Technology $>
- application/x-pkcs7-signature attachment: S/MIME Cryptographic Signature