Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

sshd_config access keywords question.

from [Emerson Farrugia] Network Security [Permanent Link]
Subject: sshd_config access keywords question.
Date: Mon, 9 Oct 2006 11:55:19 -0700 (PDT) 


Hi,

I'm running OpenSSH 4.4 on OpenBSD 3.9-stable and I'm trying to configure ssh 
access to my machine. I'd like to implement a relatively simple access policy, 
in my opinion, using the AllowUsers, AllowGroups, DenyUsers, and DenyGroups 
keywords, but I haven't managed.


The policy I'm trying to implement is that access should be allowed for users 
in the group ssh, for users in the group lanssh if they are connecting from my 
network, and for nobody else. Is this even possible?


The configuration most likely to succeed that I've tried so far is

AllowGroups ssh lanssh@192.168.0.*

but the latter identifier is just ignored.


I would even settle for writing the individual usernames that are allowed 
lanssh access in sshd_config, but I've been unable to do that too. For 
instance, for a privileged user lanuser in group lanssh, the following

DenyUsers lanuser@!192.168.0.*
AllowGroups ssh lanssh

doesn't prevent lanuser from logging in from other hosts.


Any help would be greatly appreciated.

Thanks,
Emerson
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Decrypting an ssh session knowing the private key?, Patrick Morris
Next by Date:  Re: Decrypting an ssh session knowing the private key?, Giancarlo Razzolini
Previous by Thread:  Decrypting an ssh session knowing the private key?, Jeff Sadowski
Next by Thread:  Re: sshd_config access keywords question., Benjamin Donnachie
Indexes:  [Date] [Thread] [Top] [All Lists]