sshd configuration madness ...

Vu Pham vu at sivell.com
Wed May 9 15:14:35 PDT 2012


On 5/9/2012 3:55 PM, Ben Duncan wrote:
> Ok, I am stumped. I am trying to set sshd for my STATE job and have issues.
> (RHEL 5.0 on x86, Suse 11.1 on LPAR - a Mainframe)
>
> I am trying to allow ONLY certain IP addresses to use root as a login via
> scp/ssh/sftp. For various reasons I have to allow root access in from a one to
> another mode (Only One Host can access another as root).
>
> If I have PermitRootLogin set to no, NO root logins are allowed. Setting to yes
> is a security risk, but is the only way for the next test rules to work:
>
> # Allow ONLY IP .50 in as root ..
> AllowUsers root@10.10.10.50
> # Keep all other from the same subnet out ...
> DenyUsers root@10.10.10.*
>
>
> OK, this DOES NOT work either, as ALL root users from 10.10.10 are not allowed in.
>
> Commenting out DenyUsers ALLOWS the rule to work, but then ALL root users
> from the same subnet can ssh as root ..
>
>
> Any Suggestion?
>
> Thanks ..
>
>

I have this in my /etc/ssh/sshd_config

AllowUsers root@192.168.249.25

and only the system .25 can ssh to my server as root. Others are denied.

Vu
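
An added example, not part of the original thread: a simplified Python model of the order sshd_config(5) documents for these directives (DenyUsers is processed first, then AllowUsers), showing why the DenyUsers line also shuts out .50 and why AllowUsers alone is sufficient. It assumes PermitRootLogin already permits root and matches addresses only with * and ?; the names login_permitted and alice are made up for the illustration.

```python
import re

def _glob(pattern, text):
    """sshd-style wildcard match: '*' is any run of characters, '?' is one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, text) is not None

def _matches(pattern, user, addr):
    """Match one USER or USER@HOST pattern against a login attempt."""
    upat, sep, hpat = pattern.partition("@")
    return _glob(upat, user) and (not sep or _glob(hpat, addr))

def login_permitted(user, addr, allow_users=(), deny_users=()):
    """Simplified model of the AllowUsers/DenyUsers decision in sshd."""
    # DenyUsers is processed first; a single match rejects the login.
    if any(_matches(p, user, addr) for p in deny_users):
        return False
    # A non-empty AllowUsers then admits only the logins it matches.
    if allow_users and not any(_matches(p, user, addr) for p in allow_users):
        return False
    return True

# Constructed scenarios using the addresses from the thread.
BOTH = dict(allow_users=["root@10.10.10.50"], deny_users=["root@10.10.10.*"])
ALLOW_ONLY = dict(allow_users=["root@10.10.10.50"])
# "alice" is a made-up unprivileged account added to keep normal logins working.
WITH_ALICE = dict(allow_users=["root@10.10.10.50", "alice"])

def report():
    attempts = [("root", "10.10.10.50"), ("root", "10.10.10.51"),
                ("alice", "10.10.10.51")]
    rows = []
    for name, cfg in [("both", BOTH), ("allow-only", ALLOW_ONLY),
                      ("allow+alice", WITH_ALICE)]:
        for user, addr in attempts:
            rows.append((name, user, addr, login_permitted(user, addr, **cfg)))
    return rows

if __name__ == "__main__":
    for name, user, addr, ok in report():
        print(f"{name:12} {user}@{addr:12} {'accept' if ok else 'reject'}")
```

In the allow-only rows every account that is not listed is rejected as well, so other users who need SSH have to be added to the same AllowUsers line.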

