Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. OpenSSH>
  3. Bugs
[Bug 3193] Add separate section in sshd_config man page on Access Control
bugzilla-daemon at mindrot
Jul 18, 2020, 8:27 AM
Post #1 of 2 (188 views)
Permalink
https://bugzilla.mindrot.org/show_bug.cgi?id=3193

Stephen Satchell <spamfilter@satchell.net> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |spamfilter@satchell.net

--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3193] Add separate section in sshd_config man page on Access Control [ In reply to ]
bugzilla-daemon at mindrot
Jul 21, 2020, 6:42 AM
Post #2 of 2 (186 views)
Permalink
https://bugzilla.mindrot.org/show_bug.cgi?id=3193

--- Comment #1 from Stephen Satchell <spamfilter@satchell.net> ---
I've added a bit to my new server using Open SSH. This
is specific to a server, not a general access system
To summarize:

# Boilerplate
PermitRootLogin no
PermitEmptyPasswords no
IgnoreRhosts yes
DenyUsers root
# Add DenyUsers for all "role" accounts
DenyUsers nobody
# Set up mostly-closed security model
DenyUsers @*
# Allow specific user from internal network
AllowUsers user@10.1.1.*
# Allow specific user from outside IP address
AllowUsers user@1.2.3.4
AllowUsers user@5.6.7.8
AllowUsers user@9.10.11.12

Again, permission to use is given to anyone.

--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal