[clug] Starting k/ubuntu - Debian

Andrew Janke a.janke at gmail.com
Tue May 15 00:50:18 GMT 2007

> The access.conf is used by all login programs through pam, so it covers gdm,
> mingetty etc. I usually do something like:
> +:mic:ALL
> +:ALL:10.
> This says that mic (my username) is allowed to log in from everywhere, but
> everyone else can only log in from the 10. network. This is because I just know
> the rest of the family have crappy passwords but there is nothing i can do
> about it.

:)  thanks..

> I actually was not aware you can specify which users can login
> from where using sshd.conf (if so can you provide an example?). I.e. each of
> those subsystems have a chance to stop the login in turn.

   AllowUsers rotor

will only allow me in.

   AllowUsers rotor at some.address.com

is even more restrictive.

There is also an AllowGroups directive.

   man sshd_config

has lots and lots of things for the bored. :)

Of course if you want to get ridiculous you should also start adding
things like this into your ssh keys in ~/.ssh/authorized_keys

   from="hostname,hostname.fred.blogs.com" ssh-dss AAAA.......<lots of
   characters that I am not copying... :)


More information about the linux mailing list