Re: UsersDeny except root@myserver

• Previous message: Steven Lake: "Problem with restrictive login"
• In reply to: Miller Alan: "UsersDeny except root@myserver"
• Next in thread: Greg Wooledge: "Re: UsersDeny except root@myserver"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 13 Feb 2004 19:43:41 -0500
To: Miller Alan <Alan.Miller@is-energy.de>

Miller Alan wrote:
> Hallo,
>
> Have I missed something in the config options to sshd?
> It appears to me that the following can't be done using
> the existing configuration options.
>
> I want to Allow all users from all hosts, but at the same time
> deny all root users except root from 2 specific machines.
>
> AllowUsers * root@server1 root@server2
> DenyUsers root@*
>
> The ssh connection from root@server1 doesn't work, because the
> matching Deny Rule overrides the Allow Rule.
>
> Is there a way to do this?

Sounds crazy, but try fliping the order of your directives.. I have no
idea if it 'll work, but then you'll be denying everybody by default,
then allowing everybody plus your two root users...

Kinda almost sounds counter-intuitive, but might work...

Carl

-- 
"There are 10 types of people in the world: Those who understand binary
and those that don't."
$>whoami: Carl Holtje
$>mail holtje: holtje@freeside.dnsalias.org
$>cu: http://freeside.dnsalias.org
$>whois holtje:
   System Administrator Group
   Computer Science Department
   Rochester Institute of Technology
$>

• application/x-pkcs7-signature attachment: S/MIME Cryptographic Signature

• Previous message: Steven Lake: "Problem with restrictive login"
• In reply to: Miller Alan: "UsersDeny except root@myserver"
• Next in thread: Greg Wooledge: "Re: UsersDeny except root@myserver"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]