-----Original Message-----
From: Jeff Nelson <[EMAIL PROTECTED]>
Sent: 09.08.06 02:37:53
To: misc@openbsd.org
Subject: Re: sshd question


On Tue, Aug 08, 2006 at 10:04:03AM +0200, holger glaess wrote:
> I hope this list is the right one for my question.
> 
> I am looking for a function to limit login by name AND IP range.
> 
> example.
> 
> root login ALLOW from www.xxx.yyy.zzz 
> deny from all
> 
> myname login ALLOW from all 
> deny from www.xxx.yyy.zzz

The OpenBSD sshd is compiled with libwrap support.
Please see:

man 5 hosts.allow
man 5 hosts.deny

Have a great day!
-jeff

hi

thanks all for the answers, but it doesn't work for me or for what I want.

ok, my setup:

2 boxes with separate IPs and a carp IP.
sshd listens on localhost and on the interface IPs, not on the carp IP.
I do a
rdr on wan_if proto tcp from any to carp ip port 22 -> 127.0.0.1 port 22
and block any

ok
what I want is that the authpf users are able to log on to the carp IP for
authentication, but not root.
if the authpf user is authenticated, root is able to log on to the
interface IP ( this is done by authpf rules )

if I set AllowUsers authpf in sshd_config, the root user isn't able to log on
to the box ( doesn't matter which IP / interface )
( the log file says "root user are not in AllowUsers  bla bla" ).

can anyone help me ?

holger
