FreeBSD Bugzilla – Attachment 53150 Details for
Bug 80416
Add information on how to use AllowUsers to the OpenSSH section
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
file.diff
file.diff (text/plain), 1.76 KB, created by
Brad Davis
on 2005-04-27 19:50:20 UTC
(
hide
)
Description:
file.diff
Filename:
MIME Type:
Creator:
Brad Davis
Created:
2005-04-27 19:50:20 UTC
Size:
1.76 KB
patch
obsolete
>--- doc-ori/en_US.ISO8859-1/books/handbook/security/chapter.sgml Wed Apr 27 01:28:51 2005 >+++ doc/en_US.ISO8859-1/books/handbook/security/chapter.sgml Wed Apr 27 05:55:23 2005 >@@ -1,4 +1,4 @@ >-<!-- >+t!-- > The FreeBSD Documentation Project > > $FreeBSD: doc/en_US.ISO8859-1/books/handbook/security/chapter.sgml,v 1.269 2005/04/26 13:43:06 keramida Exp $ >@@ -4543,6 +4543,39 @@ > 8000, successfully evading the firewall.</para> > </sect4> > </sect3> >+ </sect2> >+ >+ <sect2> >+ <title>AllowUsers - Controlling what users are allowed to login >+ and from where</title> >+ >+ <para>It is often a good idea to only allow users to login from a >+ certain host and not allow other users to login at all. >+ AllowUsers is a good way to accomplish this. For example, to >+ only allow the root user to login from <hostid >+ role="ipaddr">192.168.1.32</hostid>, something like this would >+ be appropriate for &man.sshd_config.5;:</para> >+ >+ <programlisting>AllowUsers root@192.168.1.32</programlisting> >+ >+ <para>To allow a user, admin, to login from anywhere, use a >+ <quote>*</quote>:</para> >+ >+ <programlisting>AllowUsers admin@*</programlisting> >+ >+ <para>Multiple users will all be listed on the same line:</para> >+ >+ <programlisting>AllowUsers root@192.168.1.32 admin@*</programlisting> >+ >+ <note> >+ <para>It is important that you list each user that needs to >+ login to this machine, otherwise they will be locked out.</para> >+ </note> >+ >+ <para>After making any changes to <filename>sshd_config</filename> >+ you must restart &man.sshd.8; by running:</para> >+ >+ <programlisting>&prompt.root; killall -HUP sshd</programlisting> > </sect2> > > <sect2>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=53150">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 80416
: 53150