To deny a user direct login via ssh but still allow login between servers, we can use the “Match” method below. It allows the user Ranjith_P04 to log in only from the servers 10.18.43.69, 10.18.43.70 and 10.18.43.71; the same user is denied password login from the rest of the 10.18.*.* network.

Add these blocks at the end of the /etc/ssh/sshd_config file, in the same order, on all 3 servers, then restart the sshd service. The order matters because sshd applies only the first matching Match block that sets a keyword, so the three specific addresses must come before the 10.18.*.* block.

Also remove the “DenyUsers Ranjith_P04” line from /etc/ssh/sshd_config so that the user is allowed to log in via ssh between the given servers.

Match User Ranjith_P04 Address 10.18.43.69
    PasswordAuthentication yes
Match User Ranjith_P04 Address 10.18.43.70
    PasswordAuthentication yes
Match User Ranjith_P04 Address 10.18.43.71
    PasswordAuthentication yes
Match User Ranjith_P04 Address 10.18.*.*
    PasswordAuthentication no
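
Why the blocks must keep the same order, as an added example that is not part of the original post: sshd applies only the first satisfied Match block that sets a keyword, and this Python model of that rule evaluates the blocks above for a given user and source address, then again with the broad 10.18.*.* block moved to the top. The function names, the "global" default value and the simplified pattern handling (plain wildcards only, no CIDR, pattern lists or negation) are assumptions of the example.

```python
import re

# The Match blocks from this page, criteria on the Match line as sshd expects.
PAGE_CONFIG = """\
Match User Ranjith_P04 Address 10.18.43.69
    PasswordAuthentication yes
Match User Ranjith_P04 Address 10.18.43.70
    PasswordAuthentication yes
Match User Ranjith_P04 Address 10.18.43.71
    PasswordAuthentication yes
Match User Ranjith_P04 Address 10.18.*.*
    PasswordAuthentication no
"""

def parse_match_blocks(text):
    """Return [(criteria, settings), ...] in file order (hypothetical helper)."""
    blocks = []
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0].lower() == "match":
            # Criteria are name/value pairs on the same line as Match.
            criteria = {k.lower(): v for k, v in zip(words[1::2], words[2::2])}
            blocks.append((criteria, {}))
        elif blocks:
            blocks[-1][1].setdefault(words[0].lower(), " ".join(words[1:]))
    return blocks

def glob_match(pattern, value):
    """Wildcard match: '*' is any run of characters, '?' is exactly one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value) is not None

def effective(text, keyword, user, address, default):
    """First satisfied block that sets `keyword` wins; otherwise the global value."""
    conn = {"user": user, "address": address}
    for criteria, settings in parse_match_blocks(text):
        ok = all(glob_match(p, conn.get(n, "")) for n, p in criteria.items())
        if ok and keyword.lower() in settings:
            return settings[keyword.lower()]
    return default

def reversed_blocks(text):
    """Same blocks with the broad 10.18.*.* block moved first (the wrong order)."""
    lines = text.splitlines()
    return "\n".join(lines[-2:] + lines[:-2]) + "\n"
```

In this model, a connection for Ranjith_P04 from an address outside 10.18.*.* matches none of the blocks and falls back to the global PasswordAuthentication setting, so check that setting as well.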