Farid Hamjavar wrote:
[snip]
> How does one let DenyHosts know that certain set of users are
> always allowed to get in?
As others have said, it's not a DenyHost function, it is ssh + tcp_wrappers:
man 5 hosts_access :
"...
o Access will be granted when a (daemon,client) pair matches an
entry in the /etc/hosts.allow file.
...
CLIENT USERNAME LOOKUP
When the client host supports the RFC 931 protocol or one of its
descendants (TAP, IDENT, RFC 1413) the wrapper programs can retrieve
additional information about the owner of a connection. Client username
information, when available, is logged together with the client host
name, and can be used to match patterns like:
daemon_list : ... [EMAIL PROTECTED] ...
The daemon wrappers can be configured at compile time to perform rule-
driven username lookups (default) or to always interrogate the client
host. In the case of rule-driven username lookups, the above rule
would cause username lookup only when both the daemon_list and the
host_pattern match.
..."
The key in your question is "always allowed", if a user makes a mistake the
hosts.allow file will have the effect of still allow him to try as many times as
needed, AllowUsers / AllowGroups does not (and puts a restriction in everybody
else).
I've only used something similar (AllowUsers [EMAIL PROTECTED]) and it works
very
well, I have no experience with using this in hosts.allow but it probably works
just as well.
--
René Berber
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Denyhosts-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/denyhosts-user
