From owner-freebsd-doc@FreeBSD.ORG Wed Apr 27 23:30:24 2005 Return-Path: Delivered-To: freebsd-doc@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A487B16A4CE for ; Wed, 27 Apr 2005 23:30:24 +0000 (GMT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6389243D5E for ; Wed, 27 Apr 2005 23:30:24 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id j3RNUO4h073241 for ; Wed, 27 Apr 2005 23:30:24 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.3/8.13.1/Submit) id j3RNUOTU073240; Wed, 27 Apr 2005 23:30:24 GMT (envelope-from gnats) Date: Wed, 27 Apr 2005 23:30:24 GMT Message-Id: <200504272330.j3RNUOTU073240@freefall.freebsd.org> To: freebsd-doc@FreeBSD.org From: Brad Davis Subject: Re: docs/80416: Add information on how to use AllowUsers to the OpenSSH section X-BeenThere: freebsd-doc@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Brad Davis List-Id: Documentation project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Apr 2005 23:30:24 -0000 The following reply was made to PR docs/80416; it has been noted by GNATS. From: Brad Davis To: bug-followup@freebsd.org, blackend@freebsd.org, danger@rulez.sk Cc: Subject: Re: docs/80416: Add information on how to use AllowUsers to the OpenSSH section Date: Wed, 27 Apr 2005 17:20:44 -0600 Updated with corrections based on input by blackend@ and Daniel Gerzo. --- doc-ori/en_US.ISO8859-1/books/handbook/security/chapter.sgml Wed Apr 27 01:28:51 2005 +++ doc/en_US.ISO8859-1/books/handbook/security/chapter.sgml Wed Apr 27 17:18:13 2005 @@ -4546,6 +4546,41 @@ + AllowUsers - Controlling What Users Are Allowed to Login + and From Where + + It is often a good idea to only allow users to login from a + certain host and not allow other users to login at all. The + AllowUsers options is a good way to + accomplish this. For example, to only allow the root user to + login from 192.168.1.32, + something like this would be appropriate in the + /etc/ssh/sshd_config file: + + AllowUsers root@192.168.1.32 + + To allow a user, admin, to login from + anywhere, just list the username by itself: + + AllowUsers admin + + Multiple users will all be listed on the same line: + + AllowUsers root@192.168.1.32 admin + + + It is important that you list each user that needs to + login to this machine, otherwise they will be locked out. + + + After making any changes to + /etc/ssh/sshd_config you must tell + &man.sshd.8; to reload it's config files, by running: + + &prompt.root; /etc/rc.d/sshd reload + + + Further Reading OpenSSH &man.ssh.1; &man.scp.1; &man.ssh-keygen.1;