From owner-freebsd-questions@FreeBSD.ORG Fri Apr 18 23:17:20 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E47B0106566B for ; Fri, 18 Apr 2008 23:17:20 +0000 (UTC) (envelope-from pauls@utdallas.edu) Received: from smtp3.utdallas.edu (smtp3.utdallas.edu [129.110.10.49]) by mx1.freebsd.org (Postfix) with ESMTP id C5D5C8FC18 for ; Fri, 18 Apr 2008 23:17:20 +0000 (UTC) (envelope-from pauls@utdallas.edu) Received: from utd65257.utdallas.edu (utd65257.utdallas.edu [129.110.3.28]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp3.utdallas.edu (Postfix) with ESMTP id 54E2165513; Fri, 18 Apr 2008 18:17:20 -0500 (CDT) Date: Fri, 18 Apr 2008 18:17:20 -0500 From: Paul Schmehl To: Gilles , freebsd-questions@freebsd.org Message-ID: <1BAE8CB205D00540B5A4504F@utd65257.utdallas.edu> In-Reply-To: References: <2tng04doovnmtkr7or9kfkb596fgjfoj1c@4ax.com> <48086425.5080608@wire-consulting.com> X-Mailer: Mulberry/4.0.8 (Linux/x86) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Cc: Subject: Re: [SSHd] Limiting access from authorized IP's X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Apr 2008 23:17:21 -0000 --On Saturday, April 19, 2008 00:12:41 +0200 Gilles wrote: > On Fri, 18 Apr 2008 10:04:37 +0100, FreeBSD - Wire Consulting > wrote: > (snip) > > Seems like I didn't do it right: > > /etc/ssh/sshd_config: > [...] > AllowHosts 192.168.0 82.227.x.x > ># /etc/rc.d/sshd restart > Stopping sshd. > Starting sshd. > /etc/ssh/sshd_config: line 119: Bad configuration option: AllowHosts > /etc/ssh/sshd_config: terminating, 1 bad configuration options > I don't see an "AllowHosts" option in man (5) sshd_config. There's AllowGroups, AllowTcpForwarding, AllowUsers, but no AllowHosts. If you want to restrict sshd logins by host, you can use AllowUsers like this: AllowUsers user1@host1 user1@host2 user1@host3 user2@host1 user2@host6 etc., etc. The list is space-separated on a single line. -- Paul Schmehl (pauls@utdallas.edu) Senior Information Security Analyst The University of Texas at Dallas http://www.utdallas.edu/ir/security/