能否如此限定 ssh？

自由建客 · **发表于 :** 2017-03-07 9:46

要 root 只能从 eth1 登录，但其余帐户可从 eth0 登录。

poloshiao · **发表于 :** 2017-03-07 11:13

引用:

要 root 只能从 eth1 登录，但其余帐户可从 eth0 登录。

可以把這些條件寫在 SSH Server 端的 authorized_keys
細節參閱
http://man.he.net/man5/authorized_keys
added to the per-user file

susbarbatus · **发表于 :** 2017-03-07 11:25

比较简单的做法是，起两个进程，用两份配置吧……

自由建客 · **发表于 :** 2017-03-07 20:54

引用:

AllowUsers
This keyword can be followed by a list of user name patterns, separated by spaces. If specified, login is allowed only for user names that match one of the patterns. Only user names are valid; a numerical user ID is not recognized. By default, login is allowed for all users. If the pattern takes the form USER@HOST then USER and HOST are separately checked, restricting logins to particular users from particular hosts. The allow/deny directives are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups.

See PATTERNS in ssh_config(5) for more information on patterns.

懂洋文真好，机器翻译还是不行

poloshiao · **发表于 :** 2017-03-08 10:29

提供一個例子
http://troy.jdmz.net/rsnapshot/
寫在 authorized_keys
Restricting The Key :

引用:

from="10.1.1.1",command="/home/remoteuser/cron/validate-rsync" ssh-dss AAAAB3Nza
... 中間省略
j2yBgN5cy8arlZ80q1Mcy763RjYGkR/FkLJ611HWIA= root@localhost.example.com

1. from="10.1.1.1" 只限從 10.1.1.1 連線
2. /home/remoteuser/cron/validate-rsync 連線後先執行這個檔案
3. 限於使用者 root@localhost.example.com

能否如此限定 ssh？

在线用户