Re: Question restricting ssh access for some users only

From: Michael Nicks (nicksmioport.com)
Date: Sun Nov 21 2004 - 14:21:22 CST


On 11/20/04 01:29:09 -0500, Francisco wrote:
> On Thu, 7 Oct 2004, Mark Ogden wrote:
>
> Coming.. way late to the discussion..
>
> >groups. We would like to allow root ssh login to our machines but only
> >from one or two machines.
>
> For starters I don't think it is a good idea to allow remote root logins.
> There are several ways to do what you want.
> A few options
>
> If you only need the root users to login, set the firewall to only allow
> ssh from specific IPs. Set a user that can ssh and either configure sudo
> or allow user to su.
>
> >We like to have root login to be able to run
> >remote commands to all our machines.
>
> That sounds like something you could do with a regular user + sudo.
>
> >So is there a way to limit root's
> >login from one or two machines?
>
> Yet another approach, you can turn on to allow connections with keys
> only. No password authentication. Then enable root.. or better another ID
> which can su or sudo the commands you need.

Look at the 'AllowUsers' directive in sshd_config. You can use something
like 'AllowUsers root@10.0.0.1 root@10.0.0.1 etc'. You can also use
wildcards in the fields.

--
Michael Nicks IOPort Technologies, LLC
nicksmioport.com PGP/GNUPG key: 1024D/0F11CED3
1(913)-378-6516 Keyfile available at pgp.mit.edu.
    (Fingerprint: 4F9A 25F8 5DC7 4BA0 6288 91E3 C7CD ADA4 0F11 CED3)
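
An added example, not part of the original post and not OpenSSH code: a simplified Python model of how sshd evaluates USER@HOST entries in `AllowUsers`, run over a constructed config excerpt. It shows a side effect of the directive: once any `AllowUsers` line is present, accounts that are not listed are refused too. The addresses, the accounts `alice` and `bob`, and the function names are assumptions; CIDR and negated patterns are not modelled.

```python
import re

# Constructed sample config (not from the original post): root is limited to
# two admin hosts, and the ordinary account "alice" is listed explicitly.
SAMPLE_SSHD_CONFIG = """\
# /etc/ssh/sshd_config (excerpt, constructed)
PermitRootLogin yes
AllowUsers root@10.0.0.1 root@10.0.0.2
AllowUsers alice@192.168.1.*
"""

def _glob(pattern):
    """Compile an sshd-style pattern: only '*' and '?' are wildcards."""
    parts = []
    for ch in pattern:
        parts.append(".*" if ch == "*" else "." if ch == "?" else re.escape(ch))
    return re.compile("".join(parts) + r"\Z")

def allow_users_patterns(config_text):
    """Collect the patterns from every AllowUsers line (keyword is case-insensitive)."""
    patterns = []
    for line in config_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[0].lower() == "allowusers":
            patterns.extend(fields[1:])
    return patterns

def is_allowed(user, host, patterns):
    """Simplified AllowUsers check: with no entries the directive restricts
    nobody; otherwise the login must match one entry. USER@HOST entries
    test the user part and the host part separately."""
    if not patterns:
        return True
    for entry in patterns:
        user_pat, sep, host_pat = entry.partition("@")
        if _glob(user_pat).match(user) and (not sep or _glob(host_pat).match(host)):
            return True
    return False

if __name__ == "__main__":
    pats = allow_users_patterns(SAMPLE_SSHD_CONFIG)
    for user, host in [("root", "10.0.0.1"), ("root", "203.0.113.7"),
                       ("alice", "192.168.1.20"), ("bob", "10.0.0.1")]:
        verdict = "allowed" if is_allowed(user, host, pats) else "denied"
        print(f"{user}@{host}: {verdict}")
```

In this model `bob` is denied even from an admin host, which is why every account that still needs SSH access has to appear in the list when `AllowUsers` is used to pin root to specific machines.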