Re: letting root in only from one host
From: Ric Anderson (ric@opus1.com)
Date: 02/28/03
- Next message: Fred Ma: "Re: Easier alternative to scp?"
- Previous message: Richard E. Silverman: "Re: Permission denied ..."
- In reply to: Ric Anderson: "letting root in only from one host"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Ric Anderson" <ric@opus1.com> Date: Fri, 28 Feb 2003 07:30:03 -0700
"Ric Anderson" <ric@opus1.com> wrote in message news:b3lrs6$976$1@oasis.ccit.arizona.edu...
> Under Solaris 8, using .rhosts and rsh, and setting
> CONSOLE=/dev/console
> in /etc/default/login, I can admit root to HOSTB from
> HOSTA. root is not admitted from other hosts,
> although ordinary users are.
>
> I'm trying to effect this same scenario with OpenSSH
> 3.5p1. While I have the user side working just fine,
> I haven't found a combination of settings that will
> admit root only from HOSTA. If I set
> PermitRootLogin yes
> in sshd_config, root is allowed to log in from any
> host that is allowed to connect by tcp wrappers.
> I've tried various combinations of AllowUsers
> and Deny, but haven't come up with anything
> that will admit non-root users from any host, while
> only admitting root from HOSTA.
>
> Has someone else solved this problem, or is there
> no solution?
>
> Thanks,
> ric@opus1.com
Found the answer while looking for something else...
PermitRootLogin without-password
does exactly what I needed. This means that password auth for
root is -never- accepted so root gets in by host based or not at all.
Ric
- Next message: Fred Ma: "Re: Easier alternative to scp?"
- Previous message: Richard E. Silverman: "Re: Permission denied ..."
- In reply to: Ric Anderson: "letting root in only from one host"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
