From owner-freebsd-doc@FreeBSD.ORG  Wed Apr 27 19:00:33 2005
Return-Path: <owner-freebsd-doc@FreeBSD.ORG>
Delivered-To: freebsd-doc@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 102CF16A4CF
	for <freebsd-doc@hub.freebsd.org>;
	Wed, 27 Apr 2005 19:00:33 +0000 (GMT)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id DB33343D41
	for <freebsd-doc@hub.freebsd.org>;
	Wed, 27 Apr 2005 19:00:32 +0000 (GMT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id j3RJ0Wi6039175
	for <freebsd-doc@freefall.freebsd.org>; Wed, 27 Apr 2005 19:00:32 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.3/8.13.1/Submit) id j3RJ0Wp3039174;
	Wed, 27 Apr 2005 19:00:32 GMT
	(envelope-from gnats)
Date: Wed, 27 Apr 2005 19:00:32 GMT
Message-Id: <200504271900.j3RJ0Wp3039174@freefall.freebsd.org>
To: freebsd-doc@FreeBSD.org
From: Brad Davis <so14k@so14k.com>
Subject: Re: docs/80416: Add information on how to use AllowUsers to the
	OpenSSH section
X-BeenThere: freebsd-doc@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: Brad Davis <so14k@so14k.com>
List-Id: Documentation project <freebsd-doc.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-doc>,
	<mailto:freebsd-doc-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-doc>
List-Post: <mailto:freebsd-doc@freebsd.org>
List-Help: <mailto:freebsd-doc-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-doc>,
	<mailto:freebsd-doc-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Apr 2005 19:00:33 -0000

The following reply was made to PR docs/80416; it has been noted by GNATS.

From: Brad Davis <so14k@so14k.com>
To: bug-followup@freebsd.org
Cc:  
Subject: Re: docs/80416: Add information on how to use AllowUsers to the OpenSSH section
Date: Wed, 27 Apr 2005 12:58:35 -0600

 Fix a typo where my fingers got ahead of themselves. Noticed by remko@
 
 
 --- doc-ori/en_US.ISO8859-1/books/handbook/security/chapter.sgml	Wed Apr 27 01:28:51 2005
 +++ doc/en_US.ISO8859-1/books/handbook/security/chapter.sgml	Wed Apr 27 12:56:10 2005
 @@ -4546,6 +4546,39 @@
      </sect2>
  
      <sect2>
 +      <title>AllowUsers - Controlling what users are allowed to login
 +        and from where</title>
 +
 +      <para>It is often a good idea to only allow users to login from a
 +        certain host and not allow other users to login at all.
 +        AllowUsers is a good way to accomplish this. For example, to
 +        only allow the root user to login from <hostid
 +        role="ipaddr">192.168.1.32</hostid>, something like this would
 +        be appropriate for &man.sshd_config.5;:</para>
 +
 +      <programlisting>AllowUsers root@192.168.1.32</programlisting>
 +
 +      <para>To allow a user, admin, to login from anywhere, use a
 +        <quote>*</quote>:</para>
 +
 +      <programlisting>AllowUsers admin@*</programlisting>
 +
 +      <para>Multiple users will all be listed on the same line:</para>
 +
 +      <programlisting>AllowUsers root@192.168.1.32 admin@*</programlisting>
 +
 +      <note>
 +        <para>It is important that you list each user that needs to
 +          login to this machine, otherwise they will be locked out.</para>
 +      </note>
 +
 +      <para>After making any changes to <filename>sshd_config</filename>
 +         you must restart &man.sshd.8; by running:</para>
 +
 +      <programlisting>&prompt.root; killall -HUP sshd</programlisting>
 +    </sect2>
 +
 +    <sect2>
        <title>Further Reading</title>
        <para><ulink url="http://www.openssh.com/">OpenSSH</ulink></para>
        <para>&man.ssh.1; &man.scp.1; &man.ssh-keygen.1;