Date: Thu, 7 Oct 2004 19:54:17 +0200 From: Volker Kindermann <ml@ps102.de> To: freebsd-security@freebsd.org Subject: Re: Question restricting ssh access for some users only Message-ID: <20041007195417.430a8b5c@ariel.office.volker.de> In-Reply-To: <cvuam0t1l2u7npnigk6oqrlq288hlu0mgn@4ax.com> References: <cvuam0t1l2u7npnigk6oqrlq288hlu0mgn@4ax.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Jim, > I've used ssh as a secure telnet up to now but done little else with > it. The FreeBSD machines I look after on our internet-facing network > all have one account which I connect to for administration. I've set > up /etc/hosts.allow on all the machines to only allow ssh from a > limited internal network range. > > Now I want to create a new account on one machine which will be > accessible from the Internet as a whole, to be used for tunnelling of > SMTP and POP3. I can't predict what the client IP address will be so I > will have to remove the hosts.allow restriction. have you considered the "AllowGroups" and "AllowUsers" directives of sshd_config? They should provide exact the functionality that you want. -volker
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041007195417.430a8b5c>