
Can ssh be restricted like this?

Posted: 2017-03-07 9:46
自由建客
I want root to be able to log in only from eth1, while the other accounts can log in from eth0.

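Re: Can ssh be restricted like this?

Posted: 2017-03-07 11:13
poloshiao
I want root to be able to log in only from eth1, while the other accounts can log in from eth0.
You can write these conditions in authorized_keys on the SSH server side.
For details, see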
http://man.he.net/man5/authorized_keys
added to the per-user file

Re: Can ssh be restricted like this?

Posted: 2017-03-07 11:25
susbarbatus
A simpler approach would be to start two processes and use two separate configurations...

Re: Can ssh be restricted like this?

Posted: 2017-03-07 20:54
自由建客
AllowUsers
This keyword can be followed by a list of user name patterns, separated by spaces. If specified, login is allowed only for user names that match one of the patterns. Only user names are valid; a numerical user ID is not recognized. By default, login is allowed for all users. If the pattern takes the form USER@HOST then USER and HOST are separately checked, restricting logins to particular users from particular hosts. The allow/deny directives are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups.

See PATTERNS in ssh_config(5) for more information on patterns.
It's great to understand a foreign language; machine translation still isn't good enough.
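
The evaluation order quoted above (DenyUsers, AllowUsers, DenyGroups, AllowGroups) and the USER@HOST form, modelled as an added example that is not part of the thread or of OpenSSH's code. It is a simplified model: only `*` and `?` wildcards are handled (no CIDR or negated patterns), HOST is taken to be the address the client connects from, and the two subnets are constructed stand-ins for the networks behind each interface.

```python
import re

def pattern_match(pattern, value):
    """Match ssh_config(5)-style wildcards: '*' = any run, '?' = one char."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value) is not None

def user_match(pattern, user, host):
    """USER@HOST checks both parts separately; plain USER checks the name only."""
    user_pat, at, host_pat = pattern.partition("@")
    if not at:
        return pattern_match(pattern, user)
    return pattern_match(user_pat, user) and pattern_match(host_pat, host)

def login_allowed(cfg, user, host, groups=()):
    """Apply the directives in the documented order:
    DenyUsers, AllowUsers, DenyGroups, AllowGroups."""
    if any(user_match(p, user, host) for p in cfg.get("DenyUsers", [])):
        return False
    allow_users = cfg.get("AllowUsers", [])
    if allow_users and not any(user_match(p, user, host) for p in allow_users):
        return False
    if any(pattern_match(p, g) for p in cfg.get("DenyGroups", []) for g in groups):
        return False
    allow_groups = cfg.get("AllowGroups", [])
    if allow_groups and not any(pattern_match(p, g)
                                for p in allow_groups for g in groups):
        return False
    return True

# Constructed policy: the subnets are assumptions, not values from the thread.
# The DenyUsers entry is needed because "*@10.0.0.*" would otherwise admit root.
POLICY = {
    "DenyUsers": ["root@10.0.0.*"],
    "AllowUsers": ["root@192.168.1.*", "*@10.0.0.*"],
}

if __name__ == "__main__":
    for user, host in [("root", "192.168.1.5"), ("root", "10.0.0.7"),
                       ("alice", "10.0.0.7"), ("alice", "192.168.1.5")]:
        print(user, host, login_allowed(POLICY, user, host))
```
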

Re: Can ssh be restricted like this?

Posted: 2017-03-08 10:29
poloshiao
Here is an example
http://troy.jdmz.net/rsnapshot/
Written in authorized_keys
Restricting The Key :
from="10.1.1.1",command="/home/remoteuser/cron/validate-rsync" ssh-dss AAAAB3Nza
... (middle omitted)
j2yBgN5cy8arlZ80q1Mcy763RjYGkR/FkLJ611HWIA= [email protected]
1. from="10.1.1.1": connections are allowed only from 10.1.1.1
2. /home/remoteuser/cron/validate-rsync: this file is run first after connecting
3. Restricted to the user [email protected]