[TriLUG] limiting ssh
Kevin Hunter
khunter at rhoworld.com
Thu Jan 24 17:30:26 EST 2002
I went w/ the following advice:
1) Copy /etc/security/access.conf to /etc/security/sshd_access.conf
2) Modify /etc/security/sshd_access.conf to taste.
For the mail server at work, where a lot of people have accounts but
I don't want the riffraff to get shell access:
+:adminuser1:ALL
+:adminuser2:ALL
-:ALL:ALL
3) Add to /etc/pam.d/sshd:
account required /lib/security/pam_access.so accessfile=/etc/security/sshd_access.conf
However, what would be great is if I could define a user to just get
in from our local 10.x.x.x network which is natd'd off a FreeBSD box
that's also connected to the DMZ my web server sits on. I just can't
get the syntax right. I've tried a bunch of different variations.
If someone has done this, please let me know.
# sshd_access.conf
+:wheel:ALL
+:user:10.x.x.0. ???
-:ALL:ALL
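
An added example, not part of the original post and not pam_access's own code: a simplified Python model of how these rules are evaluated, using the network-number origin form documented in access.conf(5) (a prefix ending in ".", so "10." covers 10.x.x.x). The group membership and sample addresses are constructed for the demo; EXCEPT, LOCAL and netgroups are not modelled.

```python
# Simplified model of pam_access rule evaluation (illustrative only).
RULES = """\
# sshd_access.conf (rules from the post; "10." is the network-number form)
+:wheel:ALL
+:user:10.
-:ALL:ALL
"""

# Constructed sample data: this group membership is an assumption for the demo.
GROUPS = {"wheel": {"adminuser1"}}


def parse(text):
    """Yield (permit, user_tokens, origin_tokens) for each rule line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Split on the first two colons only, so origins may contain ':'.
        perm, users, origins = line.split(":", 2)
        yield perm == "+", users.split(), origins.split()


def user_matches(tok, user):
    # A token matches as ALL, as a user name, or as a group the user is in.
    return tok == "ALL" or tok == user or user in GROUPS.get(tok, ())


def origin_matches(tok, origin):
    if tok == "ALL":
        return True
    if tok.endswith("."):      # network number, e.g. "10."
        return origin.startswith(tok)
    if tok.startswith("."):    # domain name, e.g. ".example.com"
        return origin.endswith(tok)
    return tok == origin       # exact host name or address


def allowed(user, origin, rules=RULES):
    """First matching rule decides; if no rule matches, access is granted."""
    for permit, users, origins in parse(rules):
        if any(user_matches(t, user) for t in users) and \
           any(origin_matches(t, origin) for t in origins):
            return permit
    return True
```

Because the first matching rule wins and an unmatched login is allowed, the final `-:ALL:ALL` line is what actually locks everyone else out; the trailing dot in `10.` keeps an address such as 100.1.2.3 from matching.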