From: http://www.cyberciti.biz/tips/openssh-root-user-account-restriction-revisited.html
Let us say you want to allow users root and vivek to log in from IP address 202.54.1.20 only.
Open the file /etc/security/access.conf:
# vi /etc/security/access.conf
Append the following lines. pam_access applies the first rule that matches a login, so keep them in this order:
+:root vivek:202.54.1.20
-:ALL:ALL
Save the file and open the /etc/pam.d/sshd file:
# vi /etc/pam.d/sshd
Append the following entry:
account required pam_access.so
Save and close the file.
Now ssh will only accept logins from root/vivek from IP address 202.54.1.20. If user vivek (or root) tries to log in to the ssh server from IP address 203.111.12.3, he will get a 'Connection closed by xxx.xxx.xx.xx' error, and the following log entry should be written to your log file
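How pam_access's first-match evaluation treats logins from 202.54.1.20 and 203.111.12.3, as an added example that is not part of the original article: a simplified Python model (literal user names, literal IPv4 origins, ALL and EXCEPT only; all function and variable names are assumptions) comparing a single `-: ALL EXCEPT root vivek:202.54.1.20` rule with an allow rule followed by `-:ALL:ALL`.

```python
# Simplified model of pam_access rule evaluation (added example, not pam_access source).
# Assumption: only literal user names, literal IPv4 origins, ALL and EXCEPT are handled.

def list_match(tokens, value):
    """True if value matches the token list; 'a b EXCEPT c' = (a or b) and not c."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return list_match(tokens[:i], value) and not list_match(tokens[i + 1:], value)
    return any(t == "ALL" or t == value for t in tokens)

def parse(conf):
    """Yield (permission, user_tokens, origin_tokens) for each non-comment line."""
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        if perm not in ("+", "-"):
            raise ValueError(f"bad permission field: {line!r}")
        yield perm, users.split(), origins.split()

def login_allowed(conf, user, origin):
    """First matching rule decides; with no matching rule, access is granted."""
    for perm, users, origins in parse(conf):
        if list_match(users, user) and list_match(origins, origin):
            return perm == "+"
    return True

# Constructed rule sets for comparison.
SINGLE_DENY = "-: ALL EXCEPT root vivek:202.54.1.20"
ALLOW_THEN_DENY = "+:root vivek:202.54.1.20\n-:ALL:ALL"

def compare():
    """Return {ruleset: {(user, origin): allowed}} for constructed login attempts."""
    attempts = [("vivek", "202.54.1.20"), ("vivek", "203.111.12.3"),
                ("root", "203.111.12.3"), ("bob", "202.54.1.20"),
                ("bob", "203.111.12.3")]
    sets = {"single_deny": SINGLE_DENY, "allow_then_deny": ALLOW_THEN_DENY}
    return {name: {a: login_allowed(conf, *a) for a in attempts}
            for name, conf in sets.items()}

if __name__ == "__main__":
    for name, results in compare().items():
        print(name)
        for (user, origin), ok in results.items():
            print(f"  {user:6} from {origin:13} -> {'allow' if ok else 'deny'}")
```

/etc/security/access.conf is read by every service whose PAM stack loads pam_access, so a final `-:ALL:ALL` applies to those services as well as sshd.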
User control:
Add as the first line of /etc/pam.d/sshd:
auth required pam_listfile.so onerr=fail item=user sense=allow file=/etc/sshd/allow_list
/etc/sshd/allow_list contains usernames, one account per line.