help with negative patterns in Match
Christoph Anton Mitterer
calestyo at scientia.net
Tue Feb 24 10:02:10 AEDT 2015
Hey.
Perhaps someone can help me with the following (OpenSSH 6.7):
I have a host reachable via miscellaneous interfaces (and network
addresses) running SSH.
Some specific users should be only reachable from the inside, so e.g.
though something like this would do the job in sshd_config:
#general config
#...
Match User foo LocalAddress 10.0.0.1,fe80:abba::0
PasswordAuthentication no
KbdInteractiveAuthentication no
RhostsRSAAuthentication no
HostbasedAuthentication no
KerberosAuthentication no
GSSAPIAuthentication no
RSAAuthentication no
PubkeyAuthentication yes
Match User foo LocalAddress !10.0.0.1,!fe80:abba::0
PasswordAuthentication no
KbdInteractiveAuthentication no
RhostsRSAAuthentication no
HostbasedAuthentication no
KerberosAuthentication no
GSSAPIAuthentication no
RSAAuthentication no
PubkeyAuthentication no
But apparently it never goes into the negative matching block :-(
Also, it seems that hostnames can generally not be used with
LocalAddress,.. is this expected? Cause that would be kinda nice.
Thanks,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5313 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20150224/ec0e9a19/attachment.bin>
More information about the openssh-unix-dev
mailing list