pam_access.so restrictions not working - syntax errors?




Hi folks,

I want to restrict root access via ssh to certain (internal) hosts.

That is what pam_access.so is for, I thought, so I configured:

in /etc/security/access.conf I added (nothing in there before):
+ : root : 192.168.123.0/24 10.72.0.0/16
- : root : ALL

in /etc/pam.d/ssh I added at the end:
account required pam_access.so

Then I restarted the ssh server.

Basically, this kinda works. Cron suddenly had no right to do its
job, so I had to add
+ : root : LOCAL
to /etc/security/access.conf

But there still is no restriction on ssh logins by root - I can still
log in from anywhere.

Next I tried putting it in one line in /etc/security/access.conf:
- : root : ALL EXCEPT LOCAL 192.168.123.0/24 10.72.0.0/16
That did not change anything, still I can log in via ssh.

I am stuck. According to documentation and the examples on the net
this should be the right syntax. And, by the way, in my
/etc/ssh/sshd_config I have "UsePAM yes".

Any help or hint is appreciated.

Dirk

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
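
An added example, not part of the original post: a simplified model of pam_access's documented first-match evaluation, run over the rules quoted in the message, showing what each rule set would decide once the module is actually consulted for a login. The function names, the position of the LOCAL line and the sample origins are assumptions; only ALL, LOCAL, EXCEPT, literal names and network/prefix tokens are modelled.

```python
import ipaddress

# Constructed inputs: the rules quoted in the post. Placing the LOCAL line
# before the deny line is an assumption; the post does not give its position.
TWO_STEP = """\
+ : root : 192.168.123.0/24 10.72.0.0/16
+ : root : LOCAL
- : root : ALL
"""
ONE_LINE = "- : root : ALL EXCEPT LOCAL 192.168.123.0/24 10.72.0.0/16\n"

def parse(text):
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blanks
        if line:
            perm, users, origins = (f.strip() for f in line.split(":", 2))
            rules.append((perm, users.split(), origins.split()))
    return rules

def list_match(tokens, item, match):
    """'a b EXCEPT c d' matches when a or b matches and neither c nor d does."""
    cut = tokens.index("EXCEPT") if "EXCEPT" in tokens else len(tokens)
    if not any(match(t, item) for t in tokens[:cut]):
        return False
    return not list_match(tokens[cut + 1:], item, match)

def user_match(token, user):
    return token in ("ALL", user)

def origin_match(token, origin):
    if token == "LOCAL":              # documented: origin contains no "."
        return "." not in origin
    if "/" in token:                  # network/prefix form
        try:
            return ipaddress.ip_address(origin) in ipaddress.ip_network(token, strict=False)
        except ValueError:            # origin is a tty or service name
            return False
    return token in ("ALL", origin)

def allowed(rules, user, origin):
    """First matching rule decides; no match means access is granted."""
    for perm, users, origins in rules:
        if list_match(users, user, user_match) and list_match(origins, origin, origin_match):
            return perm == "+"
    return True

for origin in ("192.168.123.7", "10.72.200.1", "cron", "203.0.113.5"):
    print(origin, allowed(parse(TWO_STEP), "root", origin), allowed(parse(ONE_LINE), "root", origin))
```

Under this model both rule sets deny root from an outside address such as 203.0.113.5 while allowing the listed networks and local services like cron.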
