SSH and root access from limited hosts

Ferguson, Duncan Duncan.Ferguson at egg.com
Mon Mar 18 20:08:32 EST 2002


This is blanket access for root from any host with valid keys (and password)
- I want to limit that access to 4 hosts no matter what keys or passwords
are provided/used.  I have looked at shosts.equiv but this doesn't stop
other hosts being allowed.

I have also looked at "AllowUsers root@host1 root@host2 ..." but this also
means including every user we have for all other servers - of which there
are 300+.

What I would ideally like is "AllowRootUsersFrom host1 host2 host3" with no
other user/service being affected.

Duncan Ferguson
IT Infrastructure Unix Systems Engineer

Phone: 01384 264 060
Mobile: 07968 148 748

> -----Original Message-----
> From:	Anne Carasik [SMTP:gator at cacr.caltech.edu]
> Sent:	Friday, March 15, 2002 6:13 PM
> To:	Ferguson, Duncan
> Cc:	'secureshell at securityfocus.com'
> Subject:	Re: SSH and root access from limited hosts
> 
> Hi Duncan
> 
> There should be something in the sshd_config (and sshd2_config for SSH.com)
> for PermitRootLogin.
> 
> The options are yes, no, and nopwd (which means either hostbased or public
> key authentication only).
> 
> -Anne
> 
> On Fri, Mar 15, 2002 at 01:08:31PM -0000, Ferguson, Duncan wrote:
> > I have been looking around in the archive for this but not seen anyone else
> > discuss it (yet).
> > 
> > We have approx. 200 machines, of which I want only 4 to be able to ssh to
> > all others as root.  What is the easiest way to achieve this?  At the moment
> > it is root access to/from all or nothing at all.
> > 
> > Thanks.
> > 
> >   Duncs
> > 
> > Duncan Ferguson
> > IT Infrastructure Unix Systems Engineer
> > 
> > Phone: 01384 264 060
> > Mobile: 07968 148 748
> 
> -- 
> 
>               .-"".__."``".   Anne Carasik, System Administrator
>  .-.--. _...' (/)   (/)   ``'   gator at cacr.caltech.edu 
> (O/ O) \-'      ` -="""=.    ',  Center for Advanced Computing Research
> 
> ~`~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
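
One way to limit root by source host without listing every user in AllowUsers is the `from="pattern-list"` option on each key in root's `authorized_keys`. The script below is an added example, not part of the thread: it audits such a file and reports any key that is not pinned to the permitted hosts. The host names `host1` to `host4`, the sample file and the strict no-wildcard policy are assumptions, and because `from=` only constrains public-key logins it also assumes password login for root is disabled through PermitRootLogin.

```python
import re

# Assumption: placeholder names for the four hosts permitted to log in as root.
ALLOWED_HOSTS = {"host1", "host2", "host3", "host4"}
KEY_TYPE = re.compile(r"(ssh-|ecdsa-sha2-|sk-)\S+$")

# Constructed sample of /root/.ssh/authorized_keys (key blobs are dummies).
SAMPLE = """\
from="host1,host2" ssh-ed25519 AAAAdummy1 root@host1
ssh-rsa AAAAdummy2 root@anywhere
from="host3,*.example.com",no-pty ssh-ed25519 AAAAdummy3 ops
command="echo from=x, done",from="host4" ssh-rsa AAAAdummy4 backup
"""

def split_quoted(text, is_sep):
    """Split text at separator characters that are outside double quotes."""
    parts, start, quoted = [], 0, False
    for i, ch in enumerate(text):
        if ch == '"' and (i == 0 or text[i - 1] != "\\"):
            quoted = not quoted
        elif is_sep(ch) and not quoted:
            parts.append(text[start:i])
            start = i + 1
    parts.append(text[start:])
    return parts

def from_patterns(line):
    """Return the from= pattern list of one key line, or None if absent."""
    if KEY_TYPE.match(line.split(None, 1)[0]):
        return None                      # no options field before the key type
    options = split_quoted(line, str.isspace)[0]
    for field in split_quoted(options, lambda ch: ch == ","):
        name, _, value = field.partition("=")
        if name.lower() == "from":
            return value.strip('"').split(",")
    return None

def audit(text):
    """Return (line_no, problem) for every key not pinned to ALLOWED_HOSTS."""
    findings = []
    for no, line in enumerate(map(str.strip, text.splitlines()), 1):
        if not line or line.startswith("#"):
            continue
        patterns = from_patterns(line)
        extra = [p for p in patterns or [] if p not in ALLOWED_HOSTS]
        if patterns is None:
            findings.append((no, "no from= restriction"))
        elif extra:
            findings.append((no, "from= allows " + ",".join(extra)))
    return findings
```

`audit(SAMPLE)` flags line 2 (no restriction) and line 3 (wildcard pattern). sshd compares `from=` patterns with the client's canonical host name or IP address, so name-based entries are only as trustworthy as the server's DNS lookups.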



More information about the openssh-unix-dev mailing list