I need to allow root logins over SSH from the local network, but deny root logins from external networks.

So, I've added this to my /etc/security/access.conf:

  + : root : 172.16.1.0/24 #green network
  + : root : 160.1.1.0/24  #DMZ
  - : root : ALL

(IPs have been changed to protect the innocent!)

And in my sshd_config file I have set:
  PermitRootLogin yes
  PasswordAuthentication yes
  UsePAM yes

(I also need to allow external users to connect sometimes, without an SSH key. So the keyboard passwords are needed.)

This seems to be working, and I can connect from the internal network with the root account (using my ssh key), yet external access via root is being denied though it is allowing a password entry (and I used the right password).

Is there a better way to set this sort of thing up? Specifically, allowing root logins from the internal network but not remote networks?

(For the curious, I need root access internally so that I can use the graphical tools (convenience!) to transfer files to the public web server.)

Thanks for any feedback.

Shawn

_______________________________________________
clug-talk mailing list
clug-talk@clug.ca
http://clug.ca/mailman/listinfo/clug-talk_clug.ca
Mailing List Guidelines (http://clug.ca/ml_guidelines.php)
**Please remove these lines when replying
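
An added example, not part of the original post: a simplified Python model of how the three access.conf rules quoted above are evaluated, where the first rule matching both user and origin decides and no match means access is granted. The function names and sample logins are constructed for illustration, and dropping the trailing `#` notes is an assumption of this model.

```python
# Added example: simplified model of pam_access first-match evaluation.
import ipaddress

# The rules from the post (addresses are the poster's altered ones).
ACCESS_CONF = """\
+ : root : 172.16.1.0/24 #green network
+ : root : 160.1.1.0/24  #DMZ
- : root : ALL
"""

def parse_rules(text):
    """Return a list of (permission, users, origins) tuples."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # assumption: drop trailing notes
        if not line:
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        if perm not in ("+", "-"):
            raise ValueError(f"bad permission field in {raw!r}")
        rules.append((perm, users.split(), origins.split()))
    return rules

def origin_matches(token, source_ip):
    """Match ALL or a CIDR network; other origin kinds are not modelled."""
    if token == "ALL":
        return True
    try:
        net = ipaddress.ip_network(token, strict=False)
        return ipaddress.ip_address(source_ip) in net
    except ValueError:
        return False  # hostnames, ttys, netgroups: outside this model

def is_allowed(rules, user, source_ip):
    """First rule matching user and origin decides; no match means allow."""
    for perm, users, origins in rules:
        user_ok = any(u in ("ALL", user) for u in users)
        if user_ok and any(origin_matches(o, source_ip) for o in origins):
            return perm == "+"
    return True

RULES = parse_rules(ACCESS_CONF)

if __name__ == "__main__":
    # Constructed sample logins (203.0.113.9 stands in for an external host).
    for user, ip in [("root", "172.16.1.20"), ("root", "160.1.1.7"),
                     ("root", "203.0.113.9"), ("alice", "203.0.113.9")]:
        verdict = "allow" if is_allowed(RULES, user, ip) else "deny"
        print(f"{user:5} from {ip:12} -> {verdict}")
```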