From owner-freebsd-questions@FreeBSD.ORG  Fri Apr 18 23:17:20 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id E47B0106566B
	for <freebsd-questions@freebsd.org>;
	Fri, 18 Apr 2008 23:17:20 +0000 (UTC)
	(envelope-from pauls@utdallas.edu)
Received: from smtp3.utdallas.edu (smtp3.utdallas.edu [129.110.10.49])
	by mx1.freebsd.org (Postfix) with ESMTP id C5D5C8FC18
	for <freebsd-questions@freebsd.org>;
	Fri, 18 Apr 2008 23:17:20 +0000 (UTC)
	(envelope-from pauls@utdallas.edu)
Received: from utd65257.utdallas.edu (utd65257.utdallas.edu [129.110.3.28])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by smtp3.utdallas.edu (Postfix) with ESMTP id 54E2165513;
	Fri, 18 Apr 2008 18:17:20 -0500 (CDT)
Date: Fri, 18 Apr 2008 18:17:20 -0500
From: Paul Schmehl <pauls@utdallas.edu>
To: Gilles <gilles.ganault@free.fr>, freebsd-questions@freebsd.org
Message-ID: <1BAE8CB205D00540B5A4504F@utd65257.utdallas.edu>
In-Reply-To: <i37i04lb137hus1akad67vjlcb022ftbob@4ax.com>
References: <2tng04doovnmtkr7or9kfkb596fgjfoj1c@4ax.com>
	<48086425.5080608@wire-consulting.com>
	<i37i04lb137hus1akad67vjlcb022ftbob@4ax.com>
X-Mailer: Mulberry/4.0.8 (Linux/x86)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Cc: 
Subject: Re: [SSHd] Limiting access from authorized IP's
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Apr 2008 23:17:21 -0000

--On Saturday, April 19, 2008 00:12:41 +0200 Gilles <gilles.ganault@free.fr> 
wrote:

> On Fri, 18 Apr 2008 10:04:37 +0100, FreeBSD - Wire Consulting
> <freebsd@wire-consulting.com> wrote:
> (snip)
>
> Seems like I didn't do it right:
>
> /etc/ssh/sshd_config:
> [...]
> AllowHosts 192.168.0 82.227.x.x
>
># /etc/rc.d/sshd restart
> Stopping sshd.
> Starting sshd.
> /etc/ssh/sshd_config: line 119: Bad configuration option: AllowHosts
> /etc/ssh/sshd_config: terminating, 1 bad configuration options
>

I don't see an "AllowHosts" option in man (5) sshd_config.  There's 
AllowGroups, AllowTcpForwarding, AllowUsers, but no AllowHosts.

If you want to restrict sshd logins by host, you can use AllowUsers like this:

AllowUsers user1@host1 user1@host2 user1@host3 user2@host1 user2@host6

etc., etc.  The list is space-separated on a single line.

-- 
Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/