-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Carmen Marcela Alegria C. wrote: | Ya habia probado : | | AllowUsers marce -----> efectivamente funciona | permitiendo unicamente a marce, pero puede ser | conexion desde cualquier host permitido por | iptables/tcpd. | | Y yo lo que quiero restringuir aun mas, es decir | [EMAIL PROTECTED] | | Gracias. Alguna otra idea? * Usa las restricciones en el firewall para que solo determinadas ip accedan al 22 filtrado. * Usa las restricciones del sistema en /etc/hosts.deny y allow debian
man sshd_config " HostbasedAuthentication ~ Specifies whether rhosts or /etc/hosts.equiv authentication together with successful public key client host ~ authentication is allowed (hostbased authentication). This option is similar to RhostsRSAAuthentication and ~ applies to protocol version 2 only. The default is ``no''.
~ AllowUsers ~ This keyword can be followed by a list of user name patterns, separated by spaces. If specified, login is ~ allowed only for user names that match one of the patterns. ~ '*' and '?' can be used as wildcards in the pat- ~ terns. Only user names are valid; a numerical user ID is not recognized. By default, login is allowed for all ~ users. If the pattern takes the form [EMAIL PROTECTED] then USER and HOST are separately checked, restricting logins to ~ particular users from particular hosts.
PD = www.google.com/linux?q=top+posting
| | | Marcela Alegria | | | --- Ricardo Frydman <[EMAIL PROTECTED]> wrote: | | Carmen Marcela Alegria C. wrote: | | Lista, | | | | Que tal? | | | | Les escribo porque no he logrado que funcione | como | | quiero mi configuracion de sshd. | | | | quiero restringuir el ssh solo a determinado | usuario | | en determinada maquina por lo que lei que se debe | usar | | la opcion AllowUsers del sshd_config | | | | AllowUsers [EMAIL PROTECTED] | Prueba AllowUsers marce | | | | | Reinicio mi servicio, intento desde la maq | | 192.168.0.2 conectarme como el usuario marce, pero | no | | lo logro | | | | En el server las bitacoras dicen: | | Apr 1 14:56:25 caban sshd[1822]: Failed none for | | illegal user marce from ::ffff:192.168.0.2 port | 38792 | | ssh2 | | Apr 1 14:56:28 caban PAM_unix[1822]: | authentication | | failure; (uid=0) -> marce for ssh service | | Apr 1 14:56:30 caban sshd[1822]: error: PAM: | | Authentication failure for illegal user marce from | | nombre.de.mi.maq | | | | las versiones de mi ssh son | ssh-3.8.1p1-8.sarge.4. | | | | Alguna idea? | | | | De antemano gracias :) | | | | Marcela Alegria | | | | | | | | |> _________________________________________________________ | | | Do You Yahoo!? | | La mejor conexión a internet y 25MB extra a tu | correo por $100 al mes. | http://net.yahoo.com.mx | | | | | | | -- | Ricardo A.Frydman | Consultor en Tecnología Open Source | Administrador de Sistemas | http://www.eureka-linux.com.ar |
- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
| _________________________________________________________ | Do You Yahoo!? | La mejor conexión a internet y 25MB extra a tu correo por $100 al mes. http://net.yahoo.com.mx
- -- Ricardo A.Frydman Consultor en Tecnología Open Source Administrador de Sistemas http://www.eureka-linux.com.ar
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFCTp5Qkw12RhFuGy4RAor2AKCMQYPoDHX+/OxwTEs/JSvRNIhQ8wCeNoEN ZQIIt3gEGaTBH+NAUdO4IgY= =/0mX -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]