[email protected] wrote:
I would recommend reading the man page for sshd_config along with the
PATTERNS section of ssh_config's man page for more info, but I played
with it for a few minutes and accomplished your goal in this manner:
DenyUsers u2@"!host2.fqdn,*" u3@"!host3.fqdn,*"
Basically you are saying to deny u2 from any host except host2.fqdn.
On my system it didn't work until I used the FQDN, but I would assume
an IP would work as well. If you have more than 1 host they can not log
into just add it in, like this "!host2.fqdn,!host3.fqdn,*" but the
PATTERNS section can give you better ways of handling that.
AllowUsers defaults to * so you can leave that line out, or continue
whatever you were doing with it previously.

Greg, thanks for this information and your tests.
Could you please let me know your sshd's version?
My server is RHEL5.3 (openssh-server-4.3p2-29.el5) and its
ssh_config/sshd_config man pages do not mention the PATTERNS. I also
copied your patterns (I changed the fqdn / ip to mine) and it doesn't
work.
I also found out that ssh_config's man page on my FC9 does mention
the PATTERNS but I have not had a chance to test on this system
(openssh-server-5.1p1-3.fc9.i386).

I thought I was in the terminal for one of my rhel5 boxes, but I was on
my only fedora8 box. My apologies. I seem to always forget that server is
fedora8 not rhel5. I just re-tested and tried a few other methods on RHEL5
and no success. Sorry.
They do seem to have moved the talk about PATTERNS from inline during
FC6/RHEL5 to a separate spot in later versions of Fedora.

Greg, no problem. Thanks for testing again on your RHEL so I won't have
to try any more :)
Anyway, it is interesting to know new versions of sshd support those
PATTERNS.
Thanks,
Vu
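
Added example, not part of the thread: a Python model of the negated pattern-list rule from the PATTERNS section, applied to the DenyUsers line quoted above, to show which user/host pairs that line is meant to reject. It is not sshd's code; the quote stripping, the lowercasing of host names and the host name host9.fqdn are assumptions made for illustration, and it says nothing about which sshd versions accept the syntax.

```python
import re

def glob_match(pattern, value):
    """ssh-style wildcard match: '*' is any run of characters, '?' is one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value, re.S) is not None

def match_pattern_list(value, pattern_list):
    """Return 1 for a positive match, -1 if a negated pattern matched, else 0."""
    positive = False
    for pat in pattern_list.split(","):
        negated = pat.startswith("!")
        if glob_match(pat[1:] if negated else pat, value):
            if negated:
                return -1          # a negated match vetoes the whole list
            positive = True
    return 1 if positive else 0    # a negated pattern alone never yields 1

def entry_matches(entry, user, host):
    """Evaluate one USER or USER@HOST entry such as u2@"!host2.fqdn,*"."""
    user_pat, sep, host_list = entry.partition("@")
    if not glob_match(user_pat, user):
        return False
    if not sep:
        return True                # bare user pattern applies from any host
    host_list = host_list.strip('"').lower()   # assumption: quotes are only grouping
    return match_pattern_list(host.lower(), host_list) == 1

def denied(deny_users, user, host):
    """True if any whitespace-separated DenyUsers entry matches user@host."""
    return any(entry_matches(e, user, host) for e in deny_users.split())

# The directive value from the thread; host9.fqdn below is a constructed host.
DENY = 'u2@"!host2.fqdn,*" u3@"!host3.fqdn,*"'

if __name__ == "__main__":
    for user, host in [("u2", "host2.fqdn"), ("u2", "host9.fqdn"),
                       ("u3", "host2.fqdn"), ("u3", "host3.fqdn"),
                       ("u1", "host9.fqdn")]:
        verdict = "deny" if denied(DENY, user, host) else "not denied"
        print(f"{user}@{host}: {verdict}")
```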