From: Mark Ogden
To: Vlad GALU
Cc: freebsd-security@freebsd.org
Date: Thu, 7 Oct 2004 12:34:00 -0600
Subject: Re: Question restricting ssh access for some users only

Vlad GALU on Thu, Oct 07, 2004 at 09:22:16PM +0300 wrote:
> On Thu, 7 Oct 2004 12:06:30 -0600, Mark Ogden wrote:
> > Volker Kindermann on Thu, Oct 07, 2004 at 07:54:17PM +0200 wrote:
> > > Hi Jim,
> > >
> > >
> > But what if you have 1000 users? From my understanding you would have
> > to add all users to the AllowUsers list.
>
> Or simply add all of them to one of the groups specified in "AllowGroups".

Yes I do understand how that would work.
Let me better explain what we would like to do: We have over 9000 users and about 100 different groups. We would like to allow root ssh login to our machines but only from one or two machines. We like to have root login to be able to run remote commands to all our machines. So is there a way to limit root's login from one or two machines?

-Mark