Hi,
I'm running OpenSSH 4.4 on OpenBSD 3.9-stable and I'm trying to configure ssh access to my machine. I'd like to implement a relatively simple access policy, in my opinion, using the AllowUsers, AllowGroups, DenyUsers, and DenyGroups keywords, but I haven't managed. The policy I'm trying to implement is that access should be allowed for users in the group ssh, for users in the group lanssh if they are connecting from my network, and for nobody else. Is this even possible? The configuration most likely to succeed that I've tried so far is AllowGroups ssh [EMAIL PROTECTED] but the latter identifier is just ignored. I would even settle for writing the individual usernames that are allowed lanssh access in sshd_config, but I've been unable to do that too. For instance, for a privileged user lanuser in group lanssh, the following DenyUsers [EMAIL PROTECTED] AllowGroups ssh lanssh doesn't prevent lanuser from logging in from other hosts. Any help would be greatly appreciated. Thanks, Emerson
