On October 5, 2004 13:53, Nick W wrote: > I think I'm being misunderstood, I don't want root login w/out passwords, I > want to be able to login as root from my local subnet, but not from > outside.
yes i understood. unfortunately, ssh's [Allow|Deny][Users|Groups] access controls are pretty basic. the [Allow|Deny]Groups doesn't take an @host, and the rules aren't "chained" but are rather "absolute". i've played with these mechanisms in the past to get what you are looking for and couldn't manage to get a working setup that met my desires. now, maybe i'm just missing something (completely possible), but i've tried a few different ways and haven't been able to do it. ergo, i suggested using key auth for the root user only. this allows your users to keep using their passwords just like always, but rachet's up the security for the root account by using keys and known hosts. -- Aaron J. Seigo _______________________________________________ clug-talk mailing list [EMAIL PROTECTED] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
