[Bug 3193] Add separate section in sshd_config man page on Access Control
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Tue Jul 21 23:42:57 AEST 2020
https://bugzilla.mindrot.org/show_bug.cgi?id=3193
--- Comment #1 from Stephen Satchell <spamfilter at satchell.net> ---
I've added a bit to my new server using Open SSH. This
is specific to a server, not a general access system
To summarize:
# Boilerplate
PermitRootLogin no
PermitEmptyPasswords no
IgnoreRhosts yes
DenyUsers root
# Add DenyUsers for all "role" accounts
DenyUsers nobody
# Set up mostly-closed security model
DenyUsers @*
# Allow specific user from internal network
AllowUsers user at 10.1.1.*
# Allow specific user from outside IP address
AllowUsers user at 1.2.3.4
AllowUsers user at 5.6.7.8
AllowUsers user at 9.10.11.12
Again, permission to use is given to anyone.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list