SSH user login restrictions
http://www.chinaunix.net
Author: sunaska  Posted: 2004-03-16 23:34:04
I want to restrict SSH logins so that users on one network segment can log in to this machine and users on another segment cannot. Is this controlled with host.allow? TCP Wrapper seems to be used to control the services under xinetd. Please advise.
Nets replied on 2004-03-17 03:32:07:
By default, sshd is not managed by xinetd, but it supports tcpd. You can set this up in hosts.allow:

    sshd: 192.168.0.
    sshd: ALL: DENY

Of course, you can also use iptables:

    iptables -I INPUT -p tcp --dport 22 -j DROP
    # /24 covers the same 192.168.0. segment as the hosts.allow entry
    iptables -I INPUT -p tcp --dport 22 -s 192.168.0.0/24 -j ACCEPT

(Note: use the -I command, and the order cannot be reversed ...)
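Added example, not part of the original thread: a small shell model of first-match rule evaluation, showing why the order of the two -I inserts in the reply above cannot be reversed. It assumes the allowed segment is 192.168.0.0/24 and a default ACCEPT policy; the function names and sample addresses are constructed for illustration, and the script never calls iptables.

```shell
#!/bin/sh
# Toy model of first-match rule evaluation (constructed; never calls iptables).
# CHAIN holds one rule per line: "SOURCE_CIDR TARGET", top rule first.
CHAIN=""

# insert_rule CIDR TARGET: like `iptables -I INPUT`, the new rule goes on top.
insert_rule() {
    if [ -z "$CHAIN" ]; then CHAIN="$1 $2"; else CHAIN="$1 $2
$CHAIN"; fi
}

# ip_to_int A.B.C.D: print the address as a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr IP CIDR: succeed when IP lies inside CIDR.
in_cidr() {
    net=${2%/*}; bits=${2#*/}
    [ "$bits" -eq 0 ] && return 0
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# verdict IP: print the target of the first matching rule (policy: ACCEPT).
verdict() {
    while read -r cidr target; do
        [ -n "$cidr" ] || continue
        if in_cidr "$1" "$cidr"; then echo "$target"; return 0; fi
    done <<EOF
$CHAIN
EOF
    echo ACCEPT
}

# Order from the thread: DROP inserted first, ACCEPT inserted second (on top).
thread_order() { CHAIN=""; insert_rule 0.0.0.0/0 DROP; insert_rule 192.168.0.0/24 ACCEPT; }
# Reversed: DROP is inserted last, lands on top, and shadows the ACCEPT rule.
reversed_order() { CHAIN=""; insert_rule 192.168.0.0/24 ACCEPT; insert_rule 0.0.0.0/0 DROP; }

thread_order;   echo "thread order:   192.168.0.42 -> $(verdict 192.168.0.42), 10.1.2.3 -> $(verdict 10.1.2.3)"
reversed_order; echo "reversed order: 192.168.0.42 -> $(verdict 192.168.0.42), 10.1.2.3 -> $(verdict 10.1.2.3)"
```

With the reversed order the catch-all DROP sits above the ACCEPT rule, so the allowed segment is locked out of port 22 as well.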
Nets replied on 2004-03-17 03:39:52:
One more addition: if you also want to limit which users can log in, look up the AllowGroups and AllowUsers settings. Or use PAM, which also works:

1) Modify /etc/pam.d/sshd:

    auth required pam_listfile.so item=user sense=allow file=/etc/sshusers onerr=fail

2) Write the users you want into /etc/sshusers, for example:

    echo "root" >> /etc/sshusers
Express replied on 2004-03-17 10:18:56:
Nets, well written, thank you :lol:
sunaska replied on 2004-03-17 15:08:22:
Good, testing it now.