I have a question I hope someone can help me with. I am trying to restrict ssh logins for a particular user account to a group of ip addresses. I don't my other user accounts to be restricted in this way. Does anyone one if this is possible?

Thank you for the help.

I would also be interested in doing this, if anyone has any suggestions.

Read:

man sshd_config

Choose the options you like and then edit your:

/etc/ssh/sshd_config





I usually change the port mine listens on, alow only protocol 2, allow only a special group to login (of which the only users in that group are my wife and I), and disable root logins (you can always "su").


Have fun, be safe

I'm having a little trouble under standing the question. Are you trying to restrict certain users or a range of IP's?

I was under the impression that if I disabled a root login, that certain programs would not be able to function properly any longer.

SU, as far as I know, is the same as actually logging in as root.

The only thing I know that may not work is running scripts that have password-less logins that require root access. (for example some automatic rsync backup scripts are set up this way)

If you simply need a root command prompt on a remote machine, SU works great. It is far safer to disable root logins. The reason is that, one-- they have to guess a valid user name, two -- they have to brute force 2 passwords (the user that they guessed and the root password -- dont let anyone give ya the finger, disable finger).


Have fun and be safe


Dan