Hi Fellow Marks, I normally don't reply here however the simple solution is to run a 2nd instance of sshd on any random port you choose, ie. "sshd -f /etc/ssh/sshd_config_private" or whatever you choose. You could then easily firewall that port and only allow specific IP's to connnect. Thanks, Mark -- **************************************************** Mark Skurzynski * Lomag Internet Services, LLC [email protected] * http://www.lomag.net Edison, NJ USA * 908-754-2296 **************************************************** ----- Original Message ----- From: "Mark Stanislav" <[email protected]> To: "Mark Ogden" <[email protected]> Cc: <[email protected]> Sent: Thursday, October 07, 2004 2:39 PM Subject: Re: Question restricting ssh access for some users only > > On Oct 7, 2004, at 2:34 PM, Mark Ogden wrote: > > > Vlad GALU on Thu, Oct 07, 2004 at 09:22:16PM +0300 wrote: > >> On Thu, 7 Oct 2004 12:06:30 -0600, Mark Ogden <[email protected]> > >> wrote: > >>> Volker Kindermann on Thu, Oct 07, 2004 at 07:54:17PM +0200 wrote: > >>>> Hi Jim, > >>>> > >>>> > >>> But what if you have 1000 users? From my understanding you would have > >>> to add all users to the AllowUsers list. > >> > > Why can't you just make a script to do that? > > >> Or simply add all of them to one of the groups specified in > >> "AllowGroups". > > > > Yes I do understand how that would work. Yet me better explain what we > > would like to do: We have over 9000 users and about 100 different > > groups. We would like to allow root ssh login to our machines but only > > from one or two machines. We like to have root login to be able to run > > remote commands to all our machines. So is there a way to limit roots > > login from one or two machines? > > Why not just let them use 'sudo' or better yet, just give them access > to become root after they login to their initial shell? > > -Mark > > > > > -Mark > > > > _______________________________________________ > > [email protected] mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-security > > To unsubscribe, send any mail to > > "[email protected]" > > _______________________________________________ > [email protected] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "[email protected]" > _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"