> > I would recommend reading the man page for sshd_config along with the > > PATTERNS section of ssh_config's man page for more info, but I played with > > it for a few minutes and accomplished you goal in this manner: > > > > DenyUsers u2@"!host2.fqdn,*" u3@"!host3.fqdn,*" > > > > Basically you are saying to deby u2 from any host except hosts2.fqdn. On > > my system it didn't work until I used the FQDN, but I would assume an IP > > would work as well. If you have more than 1 host they can not log into > > just add it in, like this "!host2.fqdn,!host3.fqdn,*" but the PATTERNS > > section can give you better ways of handling that. > > > > AllowUsers defaults to * so you can leave that line out, or continue > > whatever you were doing with it previously. > > > > Greg, thanks for this information and your tests. > Could you please let me know your sshd 's version ? > My server is RHEL5.3 (openssh-server-4.3p2-29.el5) and its > ssh_config/sshd_config man pages does not mention the PATTERNS. I also > copy your patterns ( I change the fqdn / ip to mine ) and it doesn't work. > > > I also found out that ssh_config's man page on my FC9 does mention about > the PATTERNS but I have not had a chance to test on this system > (openssh-server-5.1p1-3.fc9.i386).
I thought I was in the terminal for one of my rhel5 boxes, but I was on only fedora8 box. My apologies. I seem to always forget that server is fedora8 not rhel5. I just re-tested and tried a few other methods on RHEL5 and no success. Sorry. They do seem to have moved the talk about PATTERNS from inline during FC6/RHEL5 to a separate spot in later versions of Fedora. -greg _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
