Re: AllowUser, DenyUser don't work.



I try to restrict some kind of login through AllowUser and DenyUser but
failed.
openssh version: 4.5
What I want: disable root login from network outside 192.17.0.0 What I wrote into /etc/ssh/sshd_config
***************************
DenyUsers root
AllowUsers root@xxxxxxx*
***************************
However, after that not only root can not login from anywhere, but all
the other accounts are also disabled

Anything I did wrong?

Yes.
/etc/ssh/sshd_config:
AllowUsers you@thehostyourecomingfrom
AllowRootLogin=no

ssh you@yourbox
you@yourbox:~$ su - root


Best,
Philipp



Relevant Pages

  • Re: AllowUser, DenyUser dont work.
    ... As per the section below, if you have "DenyUsers root", it will be ... even if you add "AllowUsers root@host"... ... remote backups even if root login is normally not ...
    (SSH)
  • Re: AllowUser, DenyUser dont work.
    ... disable root login from network outside 192.17.0.0 ... you don't need the DenyUsers line. ... If you specify AllowUsers then ...
    (SSH)
  • RE: AllowUser, DenyUser dont work.
    ... Subject: AllowUser, DenyUser don't work. ... disable root login from network outside 192.17.0.0 What ... AllowUsers you@thehostyourecomingfrom ...
    (SSH)
  • Re: AllowUser, DenyUser dont work.
    ... disable root login from network outside 192.17.0.0 What ... AllowUsers you@thehostyourecomingfrom ...
    (SSH)
  • Re: root trying to ssh but being denied
    ... > listed in AllowUsers ... If it were root from ... It's a script kiddie having found that your IP ... is to move the SSH server to another port. ...
    (comp.os.linux.security)