On February 14, 2012, Mark Carlson wrote:
> Did you try using a Match block in your sshd_config?
>
> I've never done it, but I think you would add something like this to
> the *end* of the file:
>
> Match Address blah/24
>     PermitRootLogin yes
>
AFAIK you can have multiple conditions in the Match

# global
PermitRootLogin no

# after global
# for shawn, internal
Match host 192.168.0.22,192.168.0.23,<host>
    PermitRootLogin yes

(... which is more secure than matching the entire internal subnet.)

# for clients external
Match host 64.123.123.123
    PermitRootLogin yes
    <other options for your client>

-- matches run until the EOF, or the next Match block is found.

So it's like a firewall ruleset. Turn everything off. Turn on only what you need for certain scenarios.

Andy
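The layout discussed in this thread (global default off, Match blocks at the end of the file turning root login on for specific sources), as an added example that is not part of the original messages. It is a simplified model, not sshd's parser: it handles only `Match Address` with exact addresses and CIDR ranges, and the sample config and the names `parse` and `effective` are constructed for illustration.

```python
import ipaddress

# Constructed sample: global default first, Match blocks at the end of the file.
SAMPLE_CONFIG = """\
PermitRootLogin no
X11Forwarding no

# two named internal hosts instead of all of 192.168.0.0/24
Match Address 192.168.0.22,192.168.0.23
    PermitRootLogin yes

# external client
Match Address 64.123.123.123
    PermitRootLogin yes
"""

def parse(text):
    """Return (global_opts, [(patterns, opts), ...]) for a config using only Match Address."""
    global_opts, blocks = {}, []
    target = global_opts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, arg = (line.split(None, 1) + [""])[:2]
        if keyword.lower() == "match":
            parts = arg.split()
            # A space inside the pattern list ends the list, so reject it here.
            if len(parts) != 2 or parts[0].lower() != "address":
                raise ValueError(f"unsupported Match line: {line!r}")
            target = {}  # this block runs until the next Match line or EOF
            blocks.append((parts[1].split(","), target))
        else:
            target.setdefault(keyword.lower(), arg.strip())  # first value wins
    return global_opts, blocks

def effective(text, client_ip, keyword):
    """Value of `keyword` for a connection coming from client_ip."""
    global_opts, blocks = parse(text)
    addr = ipaddress.ip_address(client_ip)
    for patterns, opts in blocks:
        hit = any(addr in ipaddress.ip_network(p, strict=False) for p in patterns)
        if hit and keyword.lower() in opts:
            return opts[keyword.lower()]  # first satisfied block that sets it
    return global_opts.get(keyword.lower())  # no block applied: global value

if __name__ == "__main__":
    for ip in ("192.168.0.22", "192.168.0.50", "64.123.123.123", "203.0.113.9"):
        print(ip, effective(SAMPLE_CONFIG, ip, "PermitRootLogin"))
```

On a real server, `sshd -t` checks the file for syntax errors, and `sshd -T` with a `-C` connection specification prints the settings that would apply to that connection.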