AllowUsers/Deny Users Question


We have an internal server running F-Secure v5.0.1 with TCP Wrappers.
We currently allow all defined user accounts to connect using either
public key or password authentication, while all software admin
accounts are currently blocked, via a DenyUsers directive in

We now have a need to allow one of the software admin accounts, from
one specific server only, to connect.  The only way that we have
gotten that to work is to explicitly list each user (or an equivalent
regex), including the software admin account, via several AllowUsers

Is there an easier way to do this?  While it does work, maintaining
the AllowUsers directives is inconvenient (and seems somewhat of a
kludge as well).

A (very) small sample of the AllowUsers directives follows.  Any help
will be appreciated.


AllowUsers    u[[:digit:]][[:alpha:]]?@.*
AllowUsers    admin@

Re: AllowUsers/Deny Users Question

I often use this:

AllowGroups ssh

... and put accounts which should be accessible via SSH in the group.
This way you can easily grant/remove the SSH access privilege on a
per-account basis without having to reconfigure sshd.  Also, it avoids the
problem of having to specifically remember to disable SSH access for new
accounts that shouldn't have it.  I'd rather have to explicitly grant SSH
access, than accidentally end up with some accounts having it that

  Richard Silverman
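
Added example, not part of the thread: a small audit for the `AllowGroups ssh` approach in the reply above, listing every account the group actually admits and flagging any that should stay blocked, such as the software admin accounts from the question. It assumes the server matches AllowGroups against primary as well as supplementary groups (as OpenSSH does); the function names, account names and GIDs are constructed for illustration.

```shell
#!/bin/sh
# Added example: who is admitted by "AllowGroups ssh"?
# Assumption: the server checks primary and supplementary groups.

# Print every member of group $1, given a passwd-format file ($2)
# and a group-format file ($3).
ssh_group_members() {
    awk -F: -v grp="$1" '
        # group file: record the GID and print supplementary members
        src == "group" && $1 == grp {
            gid = $3
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }
        # passwd file: print accounts whose primary GID is the group
        src == "passwd" && gid != "" && $4 == gid { print $1 }
    ' src=group "$3" src=passwd "$2" | sort -u
}

# Print group members that appear in file $4, a list of accounts
# that must not have SSH access (one name per line).
unexpected_members() {
    ssh_group_members "$1" "$2" "$3" | grep -Fx -f "$4" || true
}

# Constructed sample data (not from the original thread).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/group" <<'EOF'
ssh:x:1500:u1a,u2b
staff:x:50:u1a
appadmin:x:1600:admin
EOF
cat > "$tmp/passwd" <<'EOF'
u1a:x:1001:50::/home/u1a:/bin/sh
u2b:x:1002:50::/home/u2b:/bin/sh
svc1:x:1003:1500::/home/svc1:/bin/sh
admin:x:1004:1600::/home/admin:/bin/sh
EOF
printf 'admin\nsvc1\n' > "$tmp/blocked"

echo "Admitted by AllowGroups ssh:"
ssh_group_members ssh "$tmp/passwd" "$tmp/group"
echo "Should not be in the group:"
unexpected_members ssh "$tmp/passwd" "$tmp/group" "$tmp/blocked"
```

In the sample data `svc1` never appears in the group file's member list, yet it is admitted because its primary GID is the `ssh` group, which is the case a check of the group file alone would miss.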
