At 15:06 08.12.01, you wrote:
>I do want sshd to listen on all (0.0.0.0) but I would like to find a way
>to make it only accept connection attempts for a certain user from the
>internet but still allow several other users to connect from the LAN. I
>do know how to make it accept connections for only certain users - by
>using the AllowUsers config item in /etc/ssh/sshd_config. But this
>allows all the users specified, to connect on all interfaces ssh listens
>on, which is not what I want ideally. What would be better, is to allow
>several from the LAN to connect but only one (me) from the internet.
>This doesn't seem possible from my reading so far. Oh well.
If you log in with RSAkey authentication, you can set the 'from' option in
the $HOME/.ssh/authorized_keys
file.
$man sshd
AUTHORIZED_KEYS FILE FORMAT
..
from="pattern-list"
Specifies that in addition to RSA authentication, the canonical
name of the remote host must be present in the comma-separated
list of patterns (`*' and `?' serve as wildcards). The list may
also contain patterns negated by prefixing them with `!'; if the
canonical host name matches a negated pattern, the key is not ac-
cepted. ....
But I don't know how to manage it with password authentication, but keys
are any more secure for internet connections.
HTH
Jens
