From owner-freebsd-doc@FreeBSD.ORG Wed Apr 27 19:15:56 2005 Return-Path: Delivered-To: freebsd-doc@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2093116A4CE; Wed, 27 Apr 2005 19:15:56 +0000 (GMT) Received: from abigail.blackend.org (blackend.org [212.11.35.229]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2239A43D39; Wed, 27 Apr 2005 19:15:55 +0000 (GMT) (envelope-from marc@blackend.org) Received: from gothic.blackend.org (gothic.blackend.org [192.168.1.203]) j3RJFrUd078184; Wed, 27 Apr 2005 21:15:53 +0200 (CEST) (envelope-from marc@abigail.blackend.org) Received: from gothic.blackend.org (localhost.blackend.org [127.0.0.1]) by gothic.blackend.org (8.13.3/8.13.3) with ESMTP id j3RJFrQX065056; Wed, 27 Apr 2005 21:15:53 +0200 (CEST) (envelope-from marc@gothic.blackend.org) Received: (from marc@localhost) by gothic.blackend.org (8.13.3/8.13.3/Submit) id j3RJFrdW065055; Wed, 27 Apr 2005 21:15:53 +0200 (CEST) (envelope-from marc) Date: Wed, 27 Apr 2005 21:15:53 +0200 From: Marc Fonvieille To: Brad Davis Message-ID: <20050427191552.GI54002@gothic.blackend.org> Mail-Followup-To: Brad Davis , freebsd-doc@FreeBSD.org, bug-followup@freebsd.org References: <200504271900.j3RJ0Wp3039174@freefall.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200504271900.j3RJ0Wp3039174@freefall.freebsd.org> User-Agent: Mutt/1.4.2.1i X-Useless-Header: blackend.org X-Operating-System: FreeBSD 5.4-STABLE cc: freebsd-doc@FreeBSD.org cc: bug-followup@FreeBSD.org Subject: Re: docs/80416: Add information on how to use AllowUsers to the OpenSSH section X-BeenThere: freebsd-doc@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Documentation project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Apr 2005 19:15:56 -0000 On Wed, Apr 27, 2005 at 07:00:32PM +0000, Brad Davis wrote: > The following reply was made to PR docs/80416; it has been noted by GNATS. > > From: Brad Davis > To: bug-followup@freebsd.org > Cc: > Subject: Re: docs/80416: Add information on how to use AllowUsers to the OpenSSH section > Date: Wed, 27 Apr 2005 12:58:35 -0600 > > Fix a typo where my fingers got ahead of themselves. Noticed by remko@ > > > --- doc-ori/en_US.ISO8859-1/books/handbook/security/chapter.sgml Wed Apr 27 01:28:51 2005 > +++ doc/en_US.ISO8859-1/books/handbook/security/chapter.sgml Wed Apr 27 12:56:10 2005 > @@ -4546,6 +4546,39 @@ > > > > + AllowUsers - Controlling what users are allowed to login > + and from where > + I think you don't need to mention the option name in the title, but you have to respect "Chigaco style" for titles like: Controlling Which Users Are Allowed to Login and From Where > + It is often a good idea to only allow users to login from a > + certain host and not allow other users to login at all. > + AllowUsers is a good way to accomplish this. For example, to The AllowUsers option is a good way to accomplish this. For example, to > + only allow the root user to login from root user to login from + role="ipaddr">192.168.1.32, something like this would > + be appropriate for &man.sshd_config.5;: be appropriate in the /etc/ssh/sshd_config file: > + > + AllowUsers root@192.168.1.32 > + > + To allow a user, admin, to login from anywhere, use a > + *: To allow a user, admin, to login from anywhere, use the following: > + > + AllowUsers admin@* > + AllowUsers admin yes, @* is useless > + > + Multiple users will all be listed on the same line: > + > + AllowUsers root@192.168.1.32 admin@* AllowUsers root@192.168.1.32 admin > + > + > + It is important that you list each user that needs to > + login to this machine, otherwise they will be locked out. > + > + > + After making any changes to sshd_config > + you must restart &man.sshd.8; by running: > + > + &prompt.root; killall -HUP sshd > + > + > + > Further Reading > OpenSSH > &man.ssh.1; &man.scp.1; &man.ssh-keygen.1; Marc