[SSH] User Disallow from all hosts except one
Hi,
I have a requirement to implement SSH services in such a way that the oracle user is disallowed from everywhere other than one host, with no restrictions for other users. I worked with DenyUsers, but it disallows oracle logins from all hosts.
I would *strongly* suggest that you don't deal with this at ssh level, but use tcpwrappers by editing /etc/hosts.allow and /etc/hosts.deny.
so in hosts.allow:
Code:
sshd : oracle@host
Code:
sshd : oracle@*
Thanks, I have just tried your suggestion. After adding the entries I don't see any restriction. I also restarted the network service and the ssh service, but nothing happened. Do I need to restart something else as well?
acid_kewpie's suggestion should work.
Can you post your hosts.allow & hosts.deny files and sshd_config? Personally I prefer to put
Code:
ALL : ALL
well that would be ALL : ALL as per the post, but that will mean no other users will be able to ssh in from anywhere, but the point then would be to go back to hosts.allow and put more specific allows in there.
Why not use iptables?
Comparatively, tcp wrapper is best for your query.
You can use the EXCEPT keyword. This is from the "man 5 hosts_access" man page:
Code:
-- sorry, I forgot you wanted oracle at one host permission. Would /etc/hosts.deny sshd: oracle@ALL EXCEPT oracle@<allowed_host> work for you?
Nope, that's also not working. I guess I would have to use something else to tackle this.
Thanks everyone
erm or you could setup sshd properly. xD
/etc/ssh/sshd_config
Code:
# Example of overriding settings on a per-user basis
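
One way to express the per-user restriction that the last reply points to, as an added example (not code from any poster in this thread): the embedded sshd_config fragment denies oracle from every address except one, and the Python around it models the pattern-list rules from ssh_config(5) PATTERNS to show which logins that Match block catches. The address 192.0.2.10 and all function names are assumptions made for illustration.

```python
# Added example: models sshd's pattern-list rules (ssh_config(5), PATTERNS).
import ipaddress
import re

# Constructed sshd_config fragment; 192.0.2.10 stands in for the one allowed host.
SSHD_CONFIG = """\
Match User oracle Address *,!192.0.2.10
    DenyUsers oracle
"""

def _one(pattern, value, is_addr):
    """Match a single pattern: CIDR for addresses, otherwise * and ? wildcards."""
    if is_addr and "/" in pattern:
        return ipaddress.ip_address(value) in ipaddress.ip_network(pattern, strict=False)
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value) is not None

def match_list(patterns, value, is_addr=False):
    """Comma-separated list: a negated hit vetoes; a positive hit is still required."""
    positive = False
    for pat in patterns.split(","):
        negated = pat.startswith("!")
        if _one(pat.lstrip("!"), value, is_addr):
            if negated:
                return False
            positive = True
    return positive

def parse_match(config):
    """Return the criteria of the first Match line as a dict, e.g. {'user': 'oracle'}."""
    for line in config.splitlines():
        words = line.split()
        if words and words[0].lower() == "match":
            return {k.lower(): v for k, v in zip(words[1::2], words[2::2])}
    return {}

def login_denied(user, addr, config=SSHD_CONFIG):
    """True when the Match block applies, i.e. its DenyUsers line takes effect."""
    crit = parse_match(config)
    return match_list(crit["user"], user) and match_list(crit["address"], addr, True)

if __name__ == "__main__":
    for who in [("oracle", "192.0.2.10"), ("oracle", "198.51.100.7"), ("alice", "198.51.100.7")]:
        print(who, "denied" if login_denied(*who) else "allowed")
```

A list holding only the negated entry (`Address !192.0.2.10`) never matches, which is why the fragment pairs it with `*`.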