Date: Wed, 27 Apr 2005 23:30:24 GMT From: Brad Davis <so14k@so14k.com> To: freebsd-doc@FreeBSD.org Subject: Re: docs/80416: Add information on how to use AllowUsers to the OpenSSH section Message-ID: <200504272330.j3RNUOTU073240@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR docs/80416; it has been noted by GNATS.
From: Brad Davis <so14k@so14k.com>
To: bug-followup@freebsd.org, blackend@freebsd.org, danger@rulez.sk
Cc:
Subject: Re: docs/80416: Add information on how to use AllowUsers to the OpenSSH section
Date: Wed, 27 Apr 2005 17:20:44 -0600
Updated with corrections based on input by blackend@ and Daniel Gerzo.
--- doc-ori/en_US.ISO8859-1/books/handbook/security/chapter.sgml Wed Apr 27 01:28:51 2005
+++ doc/en_US.ISO8859-1/books/handbook/security/chapter.sgml Wed Apr 27 17:18:13 2005
@@ -4546,6 +4546,41 @@
</sect2>
<sect2>
+ <title>AllowUsers - Controlling What Users Are Allowed to Login
+ and From Where</title>
+
+ <para>It is often a good idea to only allow users to login from a
+ certain host and not allow other users to login at all. The
+ <literal>AllowUsers</literal> options is a good way to
+ accomplish this. For example, to only allow the root user to
+ login from <hostid role="ipaddr">192.168.1.32</hostid>,
+ something like this would be appropriate in the
+ <filename>/etc/ssh/sshd_config</filename> file:</para>
+
+ <programlisting>AllowUsers root@192.168.1.32</programlisting>
+
+ <para>To allow a user, <username>admin</username>, to login from
+ anywhere, just list the username by itself:</para>
+
+ <programlisting>AllowUsers admin</programlisting>
+
+ <para>Multiple users will all be listed on the same line:</para>
+
+ <programlisting>AllowUsers root@192.168.1.32 admin</programlisting>
+
+ <note>
+ <para>It is important that you list each user that needs to
+ login to this machine, otherwise they will be locked out.</para>
+ </note>
+
+ <para>After making any changes to
+ <filename>/etc/ssh/sshd_config</filename> you must tell
+ &man.sshd.8; to reload it's config files, by running:</para>
+
+ <programlisting>&prompt.root; /etc/rc.d/sshd reload</programlisting>
+ </sect2>
+
+ <sect2>
<title>Further Reading</title>
<para><ulink url="http://www.openssh.com/">OpenSSH</ulink></para>;
<para>&man.ssh.1; &man.scp.1; &man.ssh-keygen.1;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200504272330.j3RNUOTU073240>