Re: Finer grain control of SSH access

On Thu, May 27, 2004 at 08:05:59AM -0400, Reuben D. Budiardja wrote:
> 
> 1. I use tcp wrapper with SSH (/etc/hosts.allow & hosts.deny). I have a policy 
> for our server that only access from my domain (.utk.edu domain) is allowed. 
> But we also have several exceptions for people who are outside this domain, so 
> I add that domain to /etc/hosts.allow. What I really want, though, is if I can 
> restrict that only certain usernames can SSH to the server from this remote 
> domain. So for example, if I add .comcast.net domain to /etc/hosts.allow, I 
> want to restrict it further to: "only username 'the-boss' can SSH to this 
> machine from comcast.net". Is there any way to do that at all?

man sshd_config.  Look at AllowGroups and AllowUsers.
Those entries aren't in the template sshd_config file but they're
available to be added manually.  This will allow 'the-boss' to ssh in,
but s/he can come in from anywhere.

You could also do this in a pam policy with the pam_listfile module.

> 2. Public-key login: I want to disable public-key login, and I know how to do 
> that. 

That's the PubkeyAuthentication parameter.

> However, there are certain cases where we want to allow public-key 
> login, 

It's either on or off.  Maybe isn't one of the choices :-)

> Any help on how to do any of those would be greatly appreciated.

I hope I've got you closer...

        .../Ed

-- 
Ed Wilts, RHCE
Mounds View, MN, USA
mailto:ewilts@xxxxxxxxxx
Member #1, Red Hat Community Ambassador Program


-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
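
Added example, not part of the original message or of anyone's posted configuration: an sshd_config fragment showing how the AllowUsers and PubkeyAuthentication keywords mentioned above can be scoped per user and per source host, using the USER@HOST pattern form of AllowUsers and a Match block. It assumes an OpenSSH release that supports Match blocks; the domains and the 'the-boss' account come from the thread, and who receives the public-key exception is a hypothetical choice.

```conf
# /etc/ssh/sshd_config fragment (constructed example)

# Host name patterns only work when sshd resolves the client address to a
# name. With "UseDNS no", AllowUsers and Match Host compare against the
# client IP address only, and the name patterns below never match.
UseDNS yes

# USER@HOST patterns: user and host are checked separately.
#   - any account, when connecting from the home domain
#   - only the-boss, when connecting from the exception domain
# sshd uses glob patterns, so hosts.allow's ".utk.edu" becomes "*.utk.edu".
AllowUsers *@*.utk.edu the-boss@*.comcast.net

# Public-key login is off globally ...
PubkeyAuthentication no

# ... and switched back on only for the one case that needs it
# (assumption: the-boss from the exception domain is that case).
Match User the-boss Host *.comcast.net
    PubkeyAuthentication yes

# Check syntax before reloading:          sshd -t
# Show the effective settings for a case: sshd -T -C user=the-boss,host=<name>,addr=<ip>
```

Reverse DNS for a client address is controlled by whoever owns that address space, so name-based patterns are a coarse filter; where the remote address range is known, address or CIDR patterns in the host part are the stricter choice.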
