Allow user@ip_good but deny user@any_other_ip in sshd.


 
# 1  
Old 08-25-2010
Allow user@ip_good but deny user@any_other_ip in sshd.

Is it possible?

Scenario:
ALLOW only access from: userok@ip_good
DENY access from userok@*
and
ALLOW access from *@*


Regards
ISrael.
# 2  
Old 08-25-2010
Look up /etc/hosts.deny and /etc/hosts.allow; this will do what you want.
# 3  
Old 08-25-2010
There are 2 options for that in sshd_config (man sshd_config). One is AllowUsers, the other DenyUsers. So far I have used the DenyUsers option together with wildcards and it worked well. Maybe try it out and check the man page.
For the order of permission, the man page says:
Quote:
The allow/deny directives are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups.
# 4  
Old 08-25-2010
Well, I tested that way

AllowUsers userok@ip_good
DenyUsers userok@*

And it did not work. This way it always gets DenyUsers. NOTE: I'm running on AIX6.

thanks

Last edited by iga3725; 08-25-2010 at 10:38 AM..
# 5  
Old 08-25-2010
As already stated in the quoted man page from sshd_config you 1st deny and then allow for users.

Edit:
Quote:
The allow/deny directives are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups.

Last edited by zaxxon; 08-25-2010 at 11:35 AM.. Reason: pointing out importance of order
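
Added example, not part of the thread and not sshd's own code: a simplified Python model of the processing order quoted above (DenyUsers, then AllowUsers; the group directives are left out), run against the configuration from post #4. The address 192.0.2.10 standing in for ip_good, the other addresses and the accounts alice and bob are constructed for illustration.

```python
import re

def wildcard_match(pattern, value):
    """sshd-style wildcards: '*' matches any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value) is not None

def entry_matches(entry, user, host):
    """Match one AllowUsers/DenyUsers entry, written as USER or USER@HOST."""
    if "@" in entry:
        user_pat, host_pat = entry.rsplit("@", 1)
        return wildcard_match(user_pat, user) and wildcard_match(host_pat, host)
    return wildcard_match(entry, user)

def login_permitted(user, host, deny_users=(), allow_users=()):
    """Apply the quoted order: DenyUsers first, then AllowUsers."""
    if any(entry_matches(e, user, host) for e in deny_users):
        return False  # a DenyUsers hit is final, AllowUsers is never consulted
    if allow_users:
        # once AllowUsers is set, only users matching one of its entries get in
        return any(entry_matches(e, user, host) for e in allow_users)
    return True

IP_GOOD = "192.0.2.10"  # constructed placeholder for ip_good

# Configuration tested in post #4
POST4_DENY = ["userok@*"]
POST4_ALLOW = ["userok@" + IP_GOOD]

# Same AllowUsers entry without the DenyUsers line, plus the other accounts
# listed by name (alice and bob are hypothetical)
ALLOW_ONLY = ["userok@" + IP_GOOD, "alice", "bob"]

def run_cases():
    """Return (label, permitted) pairs for a few constructed login attempts."""
    return [
        ("post4 userok@ip_good", login_permitted("userok", IP_GOOD, POST4_DENY, POST4_ALLOW)),
        ("post4 alice@elsewhere", login_permitted("alice", "203.0.113.5", POST4_DENY, POST4_ALLOW)),
        ("allow-only userok@ip_good", login_permitted("userok", IP_GOOD, (), ALLOW_ONLY)),
        ("allow-only userok@elsewhere", login_permitted("userok", "198.51.100.7", (), ALLOW_ONLY)),
        ("allow-only alice@elsewhere", login_permitted("alice", "198.51.100.7", (), ALLOW_ONLY)),
    ]

if __name__ == "__main__":
    for label, ok in run_cases():
        print(f"{label:30} {'permit' if ok else 'deny'}")
```

In this model the post #4 configuration denies userok even from ip_good, because `userok@*` matches before AllowUsers is read, and it also shuts out every other account, because AllowUsers names only userok.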
 