From owner-freebsd-doc@FreeBSD.ORG Wed Apr 27 19:20:14 2005 Return-Path: Delivered-To: freebsd-doc@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E414516A4CE for ; Wed, 27 Apr 2005 19:20:13 +0000 (GMT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id B0B9243D46 for ; Wed, 27 Apr 2005 19:20:13 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id j3RJKDf7043835 for ; Wed, 27 Apr 2005 19:20:13 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.3/8.13.1/Submit) id j3RJKDJl043834; Wed, 27 Apr 2005 19:20:13 GMT (envelope-from gnats) Date: Wed, 27 Apr 2005 19:20:13 GMT Message-Id: <200504271920.j3RJKDJl043834@freefall.freebsd.org> To: freebsd-doc@FreeBSD.org From: Marc Fonvieille Subject: Re: docs/80416: Add information on how to use AllowUsers to the OpenSSH section X-BeenThere: freebsd-doc@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Marc Fonvieille List-Id: Documentation project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Apr 2005 19:20:14 -0000 The following reply was made to PR docs/80416; it has been noted by GNATS. From: Marc Fonvieille To: Brad Davis Cc: freebsd-doc@FreeBSD.org, bug-followup@FreeBSD.org Subject: Re: docs/80416: Add information on how to use AllowUsers to the OpenSSH section Date: Wed, 27 Apr 2005 21:15:53 +0200 On Wed, Apr 27, 2005 at 07:00:32PM +0000, Brad Davis wrote: > The following reply was made to PR docs/80416; it has been noted by GNATS. > > From: Brad Davis > To: bug-followup@freebsd.org > Cc: > Subject: Re: docs/80416: Add information on how to use AllowUsers to the OpenSSH section > Date: Wed, 27 Apr 2005 12:58:35 -0600 > > Fix a typo where my fingers got ahead of themselves. Noticed by remko@ > > > --- doc-ori/en_US.ISO8859-1/books/handbook/security/chapter.sgml Wed Apr 27 01:28:51 2005 > +++ doc/en_US.ISO8859-1/books/handbook/security/chapter.sgml Wed Apr 27 12:56:10 2005 > @@ -4546,6 +4546,39 @@ > > > > + AllowUsers - Controlling what users are allowed to login > + and from where > + I think you don't need to mention the option name in the title, but you have to respect "Chigaco style" for titles like: Controlling Which Users Are Allowed to Login and From Where > + It is often a good idea to only allow users to login from a > + certain host and not allow other users to login at all. > + AllowUsers is a good way to accomplish this. For example, to The AllowUsers option is a good way to accomplish this. For example, to > + only allow the root user to login from root user to login from + role="ipaddr">192.168.1.32, something like this would > + be appropriate for &man.sshd_config.5;: be appropriate in the /etc/ssh/sshd_config file: > + > + AllowUsers root@192.168.1.32 > + > + To allow a user, admin, to login from anywhere, use a > + *: To allow a user, admin, to login from anywhere, use the following: > + > + AllowUsers admin@* > + AllowUsers admin yes, @* is useless > + > + Multiple users will all be listed on the same line: > + > + AllowUsers root@192.168.1.32 admin@* AllowUsers root@192.168.1.32 admin > + > + > + It is important that you list each user that needs to > + login to this machine, otherwise they will be locked out. > + > + > + After making any changes to sshd_config > + you must restart &man.sshd.8; by running: > + > + &prompt.root; killall -HUP sshd > + > + > + > Further Reading > OpenSSH > &man.ssh.1; &man.scp.1; &man.ssh-keygen.1; Marc