sshd configuration madness ...
Vu Pham
vu at sivell.com
Wed May 9 15:16:22 PDT 2012
On 5/9/2012 5:14 PM, Vu Pham wrote:
> On 5/9/2012 3:55 PM, Ben Duncan wrote:
>> Ok, I am stumped. I am trying to set sshd for my STATE job and have issues.
>> (RHEL 5.0 on x86, Suse 11.1 on LPAR - a Mainframe)
>>
>> I am trying to allow ONLY certain IP address to use root as a login via
>> scp/ssh/sftp. FOR various reason I have to allow root access in from a one to
>> another mode (Only One Host can access another as root).
>>
>> If I have PermitRootLogin set to no, NO root logins are allowed. Setting to yes
>> is a security to risk, but is the only way for the next test rules to work:
>>
>> # Allow ONLY IP .50 in as root ..
>> AllowUsers root at 10.10.10.50
>> # Keep all other from the same subnet out ...
>> DenyUsers root at 10.10.10.*
>>
>>
>> OK, this DOES NOT Work either, as ALL root users form 10.10.10 are not allowed in.
>>
>> Commenting out DenyUsers ALLOW the rule to work, but then ALL root users
>> from the same subnet can ssh as root ..
>>
>>
>> Any Suggestion?
>>
>> Thanks ..
>>
>>
>
> I have this in my /etc/ssh/sshd_config
>
> AllowUsers root at 192.168.249.25
>
> and only the system .25 can ssh to my server as root. Others are denied.
>
I meant "Others systems are denied to ssh to my server as root".
Vu
More information about the Linux-users
mailing list