[plug] Attempted Intrusions
bob
bob at fots.org.au
Wed Oct 20 11:26:51 WST 2004
On Wed, 20 Oct 2004 10:50 am, Cameron Patrick wrote:
> bob wrote:
> > You should set up AllowUsers or AllowGroups, depending on the number of
> > users you wish to allow access via ssh to. E.g. AllowUsers alice bert
> > carl daisy (do not have root as a valid user, use su etc.)
> >
> > If possible set PasswordAuthentication to no and only allow
> > PubkeyAuthentication as an authentication method (difficult for some
> > users to do but worthwhile if possible)
>
> Is it possible to set these restrictions per-account and/or per-IP
> address? (Much like apache's access controls or squid's acls.) It
> would be nice to say, e.g. allow password log-ins for some users but
> not for others, and allow root log-ins on the internal network but not
> the external network.
This may be doable with some PAM hacking but I don't know how to go about
doing it. (not an itch I need to scratch :).
> At work I'm kludging around this by running two instances of sshd, one
> locked-down one on a high port which is accessible to the external
> world and one on the standard port for the internal network.
Is AllowUsers user@host any use?
> Cameron.
--
I AM NOT LICENSED TO DO ANYTHING
I AM NOT LICENSED TO DO ANYTHING
I AM NOT LICENSED TO DO ANYTHING
I AM NOT LICENSED TO DO ANYTHING
Bart Simpson on chalkboard in episode 4F08
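
An added example, not part of the original message: one sshd_config that expresses the per-account and per-address restrictions asked about above, using AllowUsers USER@HOST patterns together with the Match blocks that current OpenSSH releases provide. The user names are the ones from the thread; 192.168.1.0/24 as the internal network and the choice of carl as the password user are assumptions.

```conf
# Constructed example. Assumed internal network: 192.168.1.0/24.

# Global section: what every client gets unless a Match block below
# overrides it. This is the policy for the external network.
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes

# USER@HOST patterns check user and source host separately.
# alice and carl may connect from anywhere, bert and daisy only from
# the internal network, root only from the internal network.
# Any account not listed here is refused regardless of credentials.
AllowUsers alice carl bert@192.168.1.* daisy@192.168.1.* root@192.168.1.*

# Per-account exception: carl cannot manage keys, so he alone keeps
# password log-ins. Everyone else stays key-only.
Match User carl
    PasswordAuthentication yes

# Per-address exception: root log-ins are accepted from the internal
# network, with a key only. From any other address the global
# "PermitRootLogin no" still applies, and AllowUsers refuses root as well.
Match Address 192.168.1.0/24
    PermitRootLogin prohibit-password
```

Check the file with "sshd -t" before restarting the daemon, and keep an existing session open while testing so a mistake in AllowUsers cannot lock you out.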