Sunday, 29 January 2017

Deny user direct login via ssh but allow login in between servers using match method

To Deny user direct login via ssh but allow login in between servers we can user below “Match” method, This will Allow Ranjith_P04 user to login only from 10.18.43.69/10.18.43.70/10.18.43.71 servers and the same user is denied to login from entire network 10.18.*.*
This needs to be added in last line of /etc/ssh/sshd_config file with same order in all 3 servers and restart sshd service
 Also need to remove “DenyUsers Ranjith_P04” line from /etc/ssh/sshd_config in order allow the user to login via ssh in between the given servers.

Match User Ranjith_P04 Address 10.18.43.69
PasswordAuthentication yes
Match User Ranjith_P04 Address 10.18.43.70
PasswordAuthentication yes
Match User Ranjith_P04 Address 10.18.43.71
PasswordAuthentication yes
Match User Ranjith_P04 Address 10.18.*.*
PasswordAuthentication no

No comments:

Post a Comment