Re: UsersDeny except root@myserver
From: Greg Wooledge (wooledg_at_eeg.ccf.org)
Date: 02/16/04
- Previous message: James Hankins: "Re: 2nd attempt: OSX/SSH Authentication Problem"
- In reply to: Miller Alan: "UsersDeny except root@myserver"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 16 Feb 2004 08:14:24 -0500 To: "'secureshell@securityfocus.com'" <secureshell@securityfocus.com>
On Fri, Feb 13, 2004 at 12:28:36PM +0100, Miller Alan wrote:
> I want to Allow all users from all hosts, but at the same time
> deny all root users except root from 2 specific machines.
I think the only way to do this is to run two separate instances of sshd
on two different ports, with different config files. In the "normal"
(port 22) one, you disallow root. In the other one, on the alternate
port, you allow root, but you disallow connections from all hosts except
the desired ones. (This can be done with PF/IPF/ipchains/iptables
depending on OS/version, or with TCP wrappers.)
- Previous message: James Hankins: "Re: 2nd attempt: OSX/SSH Authentication Problem"
- In reply to: Miller Alan: "UsersDeny except root@myserver"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
