Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- AllowUsers/Deny Users Question
January 5, 2005, 12:01 am
rate this thread
We currently allow all defined user accounts to connect using either
public key or password authentication, while all software admin
accounts are currently blocked, via a DenyUsers directive in
We now have a need to allow one of the software admin accounts, from
one specific server only, to connect. The only way that we have
gotten that to work is to explicitly list each user (or an equivalent
regex), including the software admin account, via several AllowUsers
Is there an easier way to do this? While it does work, maintaining
the AllowUsers directives is inconvenient (and seems somewhat of a
kludge as well).
A (very) small sample of the AllowUsers directives follows. Any help
will be appreciated.
- Richard E. Silverman
January 5, 2005, 5:07 am
Re: AllowUsers/Deny Users Question
I often use this:
... and put accounts which should be accessible via SSH in the group.
This way you can easily grant/remove the SSH access privilege on a
per-account basis without having to reconfigure sshd. Also, it avoids the
problem of having to specifically remember to disable SSH access for new
accounts that shouldn't have it. I'd rather have to explicitly grant SSH
access, than accidentally end up with some accounts having it that
- » 2005 NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM (NDSS'05)
- — Next thread in » Secure Shell Forum
- » F-Secure SSH Server and authentications over publickey
- — Previous thread in » Secure Shell Forum
- » ssh on command line: force using a group size (prime size) of 1024 (and no...
- — Newest thread in » Secure Shell Forum