Date: Thu, 7 Oct 2004 12:06:30 -0600 From: Mark Ogden <ogden@eng.utah.edu> To: Volker Kindermann <ml@ps102.de> Cc: freebsd-security@freebsd.org Subject: Re: Question restricting ssh access for some users only Message-ID: <20041007180630.GA25130@yem.eng.utah.edu> In-Reply-To: <20041007195417.430a8b5c@ariel.office.volker.de> References: <cvuam0t1l2u7npnigk6oqrlq288hlu0mgn@4ax.com> <20041007195417.430a8b5c@ariel.office.volker.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Volker Kindermann on Thu, Oct 07, 2004 at 07:54:17PM +0200 wrote: > Hi Jim, > > > > I've used ssh as a secure telnet up to now but done little else with > > it. The FreeBSD machines I look after on our internet-facing network > > all have one account which I connect to for administration. I've set > > up /etc/hosts.allow on all the machines to only allow ssh from a > > limited internal network range. > > > > Now I want to create a new account on one machine which will be > > accessible from the Internet as a whole, to be used for tunnelling of > > SMTP and POP3. I can't predict what the client IP address will be so I > > will have to remove the hosts.allow restriction. > > have you considered the "AllowGroups" and "AllowUsers" directives of > sshd_config? They should provide exact the functionality that you want. But what if you have 1000 users? From my understanding you would have to add all users to the AllowUsers list. -Mark > > -volker
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041007180630.GA25130>