I want to allow a single host root access via ssh. If the order of processing DenyUsers, AllowUsers were reversed this cold be done in a straight forward manner. My question, is would adding an Apache-like derective Order Deny,Allow violate any standards or be a security problem? _____ Douglas Denault http://www.safeport.com doug at safeport.com
On Thu, Nov 09, 2006 at 12:22:33AM -0500, doug at safeport.com wrote:> I want to allow a single host root access via ssh. If the order of > processing DenyUsers, AllowUsers were reversed this cold be done in > a straight forward manner. > > My question, is would adding an Apache-like derective Order > Deny,Allow violate any standards or be a security problem?Couldn't you use the Match keyword (new in 4.4 IIRC) to do this in an even more straight forward manner? :) //Peter
Reasonably Related Threads
- [Bug 3193] New: Add separate section in sshd_config man page on Access Control
- link-dest question
- more flexible AllowUsers/DenyUsers syntax
- [Bug 1690] New: AllowUsers and DenyGroups directives are not parsed in the order specified
- Problem, possibly bug with AllowUsers & DenyUsers