On Thu, 14.10.2004 at 16:32, Wouter van Vliet wrote:

> As for limiting ssh access only to those who need it, how would that
> be done and how can I restrict on IP and user? I've found this page
> http://doc.trustix.org/cgi-bin/trustixdoc.cgi?Restrict_SSH_Per_User
> which explains about allowing only certain users. It's cool. Now, what
> would be the user/ip combi approach?

You don't need to modify the SSH PAM module to restrict SSH connects for
specific accounts. That has been said before in this thread -> man
sshd_config --> AllowUsers + AllowGroups

Regarding IP limitation: do your users have fixed IPs? If yes, you can use
/etc/hosts.allow|.deny for that or iptables.

How should a user/IP combination work - if I understand your question
properly? I even see no need for anything like that. If users have
static IPs, then you already have the tcp wrapper to handle that, or
iptables. If the IPs are dynamically assigned, such an attempt is
pointless.

What you can do is to use portknocking. This has been suggested and
discussed controversially recently here on the list. See i.e.

http://marc.theaimsgroup.com/?l=fedora-list&w=2&r=1&s=portknocking&q=b

Alexander

-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.8-1.521smp
Serendipity 16:58:56 up 12:10, 16 users, 0.12, 0.40, 0.50
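The restrictions named in the reply above (AllowUsers/AllowGroups in sshd_config and /etc/hosts.allow|.deny), shown as an added configuration example that is not part of the original message. The user names, the group name and the addresses are constructed placeholders; the USER@HOST pattern form of AllowUsers is what expresses a user/IP combination inside sshd_config itself.

```conf
# ---- /etc/ssh/sshd_config (fragment) --------------------------------
# Only the listed accounts may log in over SSH. A plain name allows the
# user from any source; USER@HOST allows the user only when the client
# address (or resolved host name) matches the pattern after the "@".
# alice, bob and carol are constructed example accounts.
AllowUsers alice@192.0.2.10 bob@198.51.100.* carol

# Optional second gate: when AllowGroups is set as well, a login must
# pass BOTH lists (user matches AllowUsers AND is in an allowed group).
# "sshusers" is a constructed group name.
AllowGroups sshusers

# Checks run in the order DenyUsers, AllowUsers, DenyGroups, AllowGroups.
# Reload sshd after editing; keep an existing session open while testing
# so that a typo in the lists does not lock you out.

# ---- /etc/hosts.allow (TCP wrappers, address filter for all users) ---
# Applies before authentication and knows nothing about the user name.
# Requires an sshd built with libwrap (upstream OpenSSH dropped libwrap
# support in 6.7; some distributions still patch it in).
sshd: 192.0.2.10 198.51.100.0/255.255.255.0

# ---- /etc/hosts.deny -------------------------------------------------
# Everything not matched in hosts.allow is refused.
sshd: ALL
```

With dynamically assigned client addresses the host part of these patterns cannot be kept accurate, which is the limitation the reply points out; the plain-name form of AllowUsers still applies in that case.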