docs/80416: Add information on how to use AllowUsers to the OpenSSH section

Brad Davis so14k at so14k.com
Wed Apr 27 18:50:22 UTC 2005


>Number:         80416
>Category:       docs
>Synopsis:       Add information on how to use AllowUsers to the OpenSSH section
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-doc
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Wed Apr 27 18:50:20 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Brad Davis
>Release:        FreeBSD 5.4-STABLE i386
>Organization:
>Environment:
	System: FreeBSD mccaffrey.house.so14k.com 5.4-STABLE FreeBSD 5.4-STABLE #0: Wed Apr 20 22:22:19 MDT 2005 root at mccaffrey.house.so14k.com:/usr/obj/usr/src/sys/SMP i386
>Description:
	Add information on how to use AllowUsers to the OpenSSH section.
>How-To-Repeat:
>Fix:

--- doc-ori/en_US.ISO8859-1/books/handbook/security/chapter.sgml	Wed Apr 27 01:28:51 2005
+++ doc/en_US.ISO8859-1/books/handbook/security/chapter.sgml	Wed Apr 27 05:55:23 2005
@@ -1,4 +1,4 @@
-<!--
+t!--
      The FreeBSD Documentation Project
 
      $FreeBSD: doc/en_US.ISO8859-1/books/handbook/security/chapter.sgml,v 1.269 2005/04/26 13:43:06 keramida Exp $
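
Review bot: The `t!--` on line 1 is a stray edit that destroys the opening `<!--` of the file's header comment, so the SGML would no longer parse. Drop this hunk from the patch so the first line stays `<!--`.
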
@@ -4543,6 +4543,39 @@
 	    8000, successfully evading the firewall.</para>
         </sect4>
       </sect3>
+    </sect2>
+
+    <sect2>
+      <title>AllowUsers - Controlling what users are allowed to login
+        and from where</title>
+
+      <para>It is often a good idea to only allow users to login from a
+        certain host and not allow other users to login at all.
+        AllowUsers is a good way to accomplish this. For example, to
+        only allow the root user to login from <hostid
+        role="ipaddr">192.168.1.32</hostid>, something like this would
+        be appropriate for &man.sshd_config.5;:</para>
+
+      <programlisting>AllowUsers root at 192.168.1.32</programlisting>
+
+      <para>To allow a user, admin, to login from anywhere, use a
+        <quote>*</quote>:</para>
+
+      <programlisting>AllowUsers admin@*</programlisting>
+
+      <para>Multiple users will all be listed on the same line:</para>
+
+      <programlisting>AllowUsers root at 192.168.1.32 admin@*</programlisting>
+
+      <note>
+        <para>It is important that you list each user that needs to
+          login to this machine, otherwise they will be locked out.</para>
+      </note>
+
+      <para>After making any changes to <filename>sshd_config</filename>
+         you must restart &man.sshd.8; by running:</para>
+
+      <programlisting>&prompt.root; killall -HUP sshd</programlisting>
     </sect2>
 
     <sect2>
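
Review bot: `killall -HUP sshd` in the last programlisting signals every process named sshd, including the ones handling established sessions, not only the listening daemon. Suggest `/etc/rc.d/sshd reload` so that only the master process re-reads sshd_config, and change "restart" in the preceding para to match. Separately, two listings read `AllowUsers root at 192.168.1.32`. AllowUsers takes space-separated patterns in `user@host` form, as the `admin@*` listing shows, so with the spaces this would be read as three user patterns (`root`, `at`, `192.168.1.32`) with no host restriction at all. Please confirm the committed text has `root@192.168.1.32`.
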
>Release-Note:
>Audit-Trail:
>Unformatted:


