From owner-freebsd-security@FreeBSD.ORG Thu Oct 7 22:16:15 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0099816A4CE for ; Thu, 7 Oct 2004 22:16:15 +0000 (GMT) Received: from mail.redefine.org (kevin.khimetrics.com [63.241.155.212]) by mx1.FreeBSD.org (Postfix) with ESMTP id C517743D31 for ; Thu, 7 Oct 2004 22:16:14 +0000 (GMT) (envelope-from coggy@redefine.org) Received: from [10.1.1.2] (home.redefine.org [207.192.249.6]) by mail.redefine.org (Postfix) with ESMTP id 6B59629 for ; Thu, 7 Oct 2004 13:14:17 -0700 (MST) Message-ID: <4165A38F.4040009@redefine.org> Date: Thu, 07 Oct 2004 13:14:07 -0700 From: Kevin User-Agent: Mozilla Thunderbird 0.8 (Windows/20040913) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-security@freebsd.org References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: Question restricting ssh access for some users only X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Oct 2004 22:16:15 -0000 Jim Hatfield wrote: > Now I want to create a new account on one machine which will be > accessible from the Internet as a whole, to be used for tunnelling of > SMTP and POP3. I can't predict what the client IP address will be so I > will have to remove the hosts.allow restriction. Is there any way I > can: have you tried using /etc/login.access? # Login access control table. # # When someone logs in, the table is scanned for the first entry that # matches the (user, host) combination, or, in case of non-networked # logins, the first entry that matches the (user, tty) combination. The # permissions field of that table entry determines whether the login will # be accepted or refused.