Re: Problem, possibly bug with AllowUsers & DenyUsers (OpenSSH Development forum, Networking and Network Related category)
On Fri, 9 May 2008, Peter Stuge wrote:
> On Thu, May 08, 2008 at 11:42:23PM -0500, Andy Tsouladze wrote:
>> Essentially, regular users should be able to login from any
>> network, while root should be able to login only from a private
>> network 192.168.88.0/22.
>
>> AllowUsers root@192.168.88.* !root@*
>> Result: BAD. root can login only from 192.168.88.0/24 but other
>> users cannot login at all.
>
> What if you change the order and/or space to a comma?
>
> AllowUsers !root@*,root@192.168.88.*

Tried it - does not make a difference. Besides, even

    AllowUsers !root@*

alone does not work. I was not able to find a single instance where
negation would work.

> You could also try using Match.

Great idea! It does seem to accomplish what I need, but I have to use
multiple Match lines, like this:

    PermitRootLogin no
    Match Address 192.168.89.*
    PermitRootLogin yes
    Match Address 192.168.88.*
    PermitRootLogin yes
    ....

BTW, negation does not work within Match block either...

Thanks a lot,

Andy

Dr Andy Tsouladze
Sr Unix SysAdmin/System Architect
United Airlines
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev
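
Added example, not part of the original post and not OpenSSH code: a Python model of the Match workaround above, useful for checking which source addresses end up with root login allowed. It assumes the pattern-list rule documented under PATTERNS in ssh_config(5) (a negated pattern never produces a match by itself) and that the first matching Match block supplies the value; all function names are hypothetical.

```python
import ipaddress
import re

def pattern_matches(addr, pat):
    """OpenSSH-style wildcard match: '*' is any run of characters, '?' is one."""
    rx = re.escape(pat).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, addr) is not None

def pattern_list_matches(addr, pattern_list):
    """Comma-separated pattern list with '!' negation, per ssh_config(5) PATTERNS."""
    matched = False
    for pat in (p.strip() for p in pattern_list.split(",")):
        negated = pat.startswith("!")
        if pattern_matches(addr, pat[1:] if negated else pat):
            if negated:
                return False   # a negated hit vetoes the whole list
            matched = True
    return matched             # negations alone never yield a match

def wildcard_patterns(cidr):
    """One a.b.c.* pattern per /24 inside the given block (prefix /16 to /24)."""
    net = ipaddress.ip_network(cidr)
    return [str(s.network_address).rsplit(".", 1)[0] + ".*"
            for s in net.subnets(new_prefix=24)]

def permit_root_login(addr, default, match_blocks):
    """match_blocks: ordered (address pattern list, value) pairs, one per Match block."""
    for patterns, value in match_blocks:
        if pattern_list_matches(addr, patterns):
            return value       # first matching Match block overrides the global value
    return default

# The two Match blocks shown in the post (the post elides the rest with "....").
AS_POSTED = [("192.168.89.*", "yes"), ("192.168.88.*", "yes")]
# One block per /24 of the 192.168.88.0/22 network named in the post.
FULL = [(p, "yes") for p in wildcard_patterns("192.168.88.0/22")]

if __name__ == "__main__":
    # Constructed sample source addresses.
    for addr in ("192.168.88.7", "192.168.90.4", "192.168.91.200", "10.1.1.1"):
        print(addr,
              "as posted:", permit_root_login(addr, "no", AS_POSTED),
              "| full /22:", permit_root_login(addr, "no", FULL))
```

The /22 spans 192.168.88.* through 192.168.91.*, so with only the two blocks shown, root connecting from 192.168.90.* or 192.168.91.* still falls through to the global PermitRootLogin no.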