sshd configuration madness ...
Sean Keating
sean at csupport.com
Mon May 21 15:43:55 PDT 2012
Have you tried using different port for different uses. Use One port for
every day users and another for root logins. You can adjust the security
requirements basaed on which port they are using.
Sean Keating
On Wed, 2012-05-09 at 15:55 -0500, Ben Duncan wrote:
> Ok, I am stumped. I am trying to set sshd for my STATE job and have issues.
> (RHEL 5.0 on x86, Suse 11.1 on LPAR - a Mainframe)
>
> I am trying to allow ONLY certain IP address to use root as a login via
> scp/ssh/sftp. FOR various reason I have to allow root access in from a one to
> another mode (Only One Host can access another as root).
>
> If I have PermitRootLogin set to no, NO root logins are allowed. Setting to yes
> is a security to risk, but is the only way for the next test rules to work:
>
> # Allow ONLY IP .50 in as root ..
> AllowUsers root at 10.10.10.50
> # Keep all other from the same subnet out ...
> DenyUsers root at 10.10.10.*
>
>
> OK, this DOES NOT Work either, as ALL root users form 10.10.10 are not allowed in.
>
> Commenting out DenyUsers ALLOW the rule to work, but then ALL root users
> from the same subnet can ssh as root ..
>
>
> Any Suggestion?
>
> Thanks ..
>
>
--
Sean Keating
Computer Support, Inc
Office: 401-885-2297
Cell: 401-225-3545
<sean at csupport.com>
More information about the Linux-users
mailing list