AllowUsers/Deny Users Question

From: J Smith (jsmith665_at_hotmail.com)
Date: 01/05/05


Date: Tue, 04 Jan 2005 19:01:09 -0500

We have an internal server running F-Secure v5.0.1 with TCP Wrappers.
We currently allow all defined user accounts to connect using either
public key or password authentication, while all software admin
accounts are currently blocked, via a DenyUsers directive in
sshd2_config.

We now have a need to allow one of the software admin accounts, from
one specific server only, to connect. The only way that we have
gotten that to work is to explicitly list each user (or an equivalent
regex), including the software admin account, via several AllowUsers
directives.

Is there an easier way to do this? While it does work, maintaining
the AllowUsers directives is inconvenient (and seems somewhat of a
kludge as well).

A (very) small sample of the AllowUsers directives follows. Any help
will be appreciated.

-------------------

AllowUsers u[[:digit:]]{6}[[:alpha:]]?@.*
AllowUsers admin@172.16.0.1