[Bug 3193] Add separate section in sshd_config man page on Access Control

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Jul 21 23:42:57 AEST 2020


https://bugzilla.mindrot.org/show_bug.cgi?id=3193

--- Comment #1 from Stephen Satchell <spamfilter at satchell.net> ---
I've added a bit to my new server using Open SSH.  This
is specific to a server, not a general access system
To summarize:

# Boilerplate
PermitRootLogin         no
PermitEmptyPasswords    no
IgnoreRhosts            yes
DenyUsers  root
# Add DenyUsers for all "role" accounts
DenyUsers  nobody
# Set up mostly-closed security model
DenyUsers  @*
# Allow specific user from internal network
AllowUsers user at 10.1.1.*
# Allow specific user from outside IP address
AllowUsers user at 1.2.3.4
AllowUsers user at 5.6.7.8
AllowUsers user at 9.10.11.12

Again, permission to use is given to anyone.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list