Attachment #53150 for bug #80416

View | Details | Raw Unified | Return to bug 80416
Collapse All | Expand All




t!--
     The FreeBSD Documentation Project

     $FreeBSD: doc/en_US.ISO8859-1/books/handbook/security/chapter.sgml,v 1.269 2005/04/26 13:43:06 keramida Exp $

	    8000, successfully evading the firewall.</para>
        </sect4>
      </sect3>
    </sect2>

    <sect2>
      <title>AllowUsers - Controlling what users are allowed to login
        and from where</title>

      <para>It is often a good idea to only allow users to login from a
        certain host and not allow other users to login at all.
        AllowUsers is a good way to accomplish this. For example, to
        only allow the root user to login from <hostid
        role="ipaddr">192.168.1.32</hostid>, something like this would
        be appropriate for &man.sshd_config.5;:</para>

      <programlisting>AllowUsers root@192.168.1.32</programlisting>

      <para>To allow a user, admin, to login from anywhere, use a
        <quote>*</quote>:</para>

      <programlisting>AllowUsers admin@*</programlisting>

      <para>Multiple users will all be listed on the same line:</para>

      <programlisting>AllowUsers root@192.168.1.32 admin@*</programlisting>

      <note>
        <para>It is important that you list each user that needs to
          login to this machine, otherwise they will be locked out.</para>
      </note>

      <para>After making any changes to <filename>sshd_config</filename>
         you must restart &man.sshd.8; by running:</para>

      <programlisting>&prompt.root; killall -HUP sshd</programlisting>
    </sect2>

    <sect2>

Return to bug 80416

Lines 1-4 Link Here

(-)doc/en_US.ISO8859-1/books/handbook/security/chapter.sgml (-1 / +34 lines)
1	<!--	1	t!--
2	The FreeBSD Documentation Project	2	The FreeBSD Documentation Project
3		3
4	$FreeBSD: doc/en_US.ISO8859-1/books/handbook/security/chapter.sgml,v 1.269 2005/04/26 13:43:06 keramida Exp $	4	$FreeBSD: doc/en_US.ISO8859-1/books/handbook/security/chapter.sgml,v 1.269 2005/04/26 13:43:06 keramida Exp $
Lines 4543-4548 Link Here
4543	8000, successfully evading the firewall.</para>	4543	8000, successfully evading the firewall.</para>
4544	</sect4>	4544	</sect4>
4545	</sect3>	4545	</sect3>
		4546	</sect2>
		4547
		4548	<sect2>
		4549	<title>AllowUsers - Controlling what users are allowed to login
		4550	and from where</title>
		4551
		4552	<para>It is often a good idea to only allow users to login from a
		4553	certain host and not allow other users to login at all.
		4554	AllowUsers is a good way to accomplish this. For example, to
		4555	only allow the root user to login from <hostid
		4556	role="ipaddr">192.168.1.32</hostid>, something like this would
		4557	be appropriate for &man.sshd_config.5;:</para>
		4558
		4559	<programlisting>AllowUsers root@192.168.1.32</programlisting>
		4560
		4561	<para>To allow a user, admin, to login from anywhere, use a
		4562	<quote>*</quote>:</para>
		4563
		4564	<programlisting>AllowUsers admin@*</programlisting>
		4565
		4566	<para>Multiple users will all be listed on the same line:</para>
		4567
		4568	<programlisting>AllowUsers root@192.168.1.32 admin@*</programlisting>
		4569
		4570	<note>
		4571	<para>It is important that you list each user that needs to
		4572	login to this machine, otherwise they will be locked out.</para>
		4573	</note>
		4574
		4575	<para>After making any changes to <filename>sshd_config</filename>
		4576	you must restart &man.sshd.8; by running:</para>
		4577
		4578	<programlisting>&prompt.root; killall -HUP sshd</programlisting>
4546	</sect2>	4579	</sect2>
4547		4580
4548	<sect2>	4581	<sect2>