more flexible AllowUsers/DenyUsers syntax
Daniel Rogers
drogers at ncmir.ucsd.edu
Wed Jun 29 03:42:19 EST 2005
Hi,
I hope this is the right place for a feature request.
I'd like to have more flexible AllowUsers/DenyUsers syntax.
I am in a situation, where I have machines connected to three
networks (a private, high speed, a public, and a private vpn) and I'd
like to enable root logins only on the private networks. Currently I
see no way of doing this, because there is no way to specify a class
that doesn't match. Something like:
AllowUsers ~root@*
AllowUsers root@10.0.2.0/24
AllowUsers root@172.31.0.0/24
Would be really really friggin' nice.
Even nicer would be to have acl statements with sophistication akin
to squid's configuration.
Further, it would be really nice to be able to understand when openssh
treats a pattern match like an ip or network and when openssh treats
a pattern match like a host or domain name.
Are any features like this planned? Is what I am asking for reasonable?
--
Daniel
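
Added example, not part of the original message and not OpenSSH code: a small Python evaluator for the three proposed lines, showing which (user, source address) pairs they would admit. It assumes that a leading `~` negates the user pattern, that a login is allowed when any line matches, and that a host pattern is treated as a network when it parses as an address or CIDR and as a glob otherwise; all function names are hypothetical.

```python
import ipaddress
from fnmatch import fnmatchcase

# Rules as written in the message above (proposed syntax, not valid sshd_config).
PROPOSED_RULES = ["~root@*", "root@10.0.2.0/24", "root@172.31.0.0/24"]

def parse_rule(rule):
    """Split 'user@host'; a leading '~' is assumed to negate the user pattern."""
    user_pat, _, host_pat = rule.partition("@")
    negate = user_pat.startswith("~")
    return negate, user_pat.lstrip("~"), host_pat or "*"

def host_matches(host_pat, addr, hostname=None):
    """Match as a network if the pattern parses as one, otherwise as a glob."""
    try:
        net = ipaddress.ip_network(host_pat, strict=False)
    except ValueError:
        # Not an address or CIDR: glob against the address text and,
        # when supplied, the reverse-resolved host name.
        names = [addr] + ([hostname] if hostname else [])
        return any(fnmatchcase(n.lower(), host_pat.lower()) for n in names)
    ip = ipaddress.ip_address(addr)
    return ip.version == net.version and ip in net

def login_allowed(rules, user, addr, hostname=None):
    """Allowed when any rule matches (assumed semantics); otherwise denied."""
    for rule in rules:
        negate, user_pat, host_pat = parse_rule(rule)
        user_ok = fnmatchcase(user, user_pat) != negate
        if user_ok and host_matches(host_pat, addr, hostname):
            return True
    return False

if __name__ == "__main__":
    # Constructed sample connections: (user, source address).
    samples = [("root", "10.0.2.17"), ("root", "172.31.0.200"),
               ("root", "203.0.113.9"), ("alice", "203.0.113.9")]
    for user, addr in samples:
        verdict = "allow" if login_allowed(PROPOSED_RULES, user, addr) else "deny"
        print(f"{user}@{addr}: {verdict}")
```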