Hi

My first request so please excuse any etiquette faux pas. I have been searching for a solution for a few weeks now and managed to find one or two server-wide examples & discussions but not any for user-specific restrictions.

Firstly, the setup: Running AIX 5300-10-01 and 6100-03-01 servers with OpenSSH version 220.127.116.1102 (latest version for AIX I am aware of). There are also a few Linux boxes, mostly Red Hat and Ubuntu. We have a central management server running AIX 6100-03-01 which runs distributed shell commands (dsh - essentially SSH's to all servers and runs the specific command) but for this to work root ssh needs to be enabled. I also have a number of application users that need to be able to SSH/SCP/SFTP between servers.

For security reasons I need to allow root ssh from the management server only. For audit purposes I need to ensure that application UserIDs will only accept connections from specific hosts. All this needs to be done without impacting where the administrators can connect from so it needs to be user specific. As TCP Wrapper is not used on the AIX servers that is currently not an option and the configuration needs to go through the various OpenSSH configs.

Example:

Mngt Server    App1 Server    App2 Server    App3 Server

- The App Servers allow root access from "Mngt Server" but deny root access from everywhere else.
- The App Servers allow AppUserX access from App* Server and "Mngt Server" but deny access from everywhere else.
- The administrators can connect to the servers from anywhere but not as the AppUserX or root.

I have tried the global /etc/ssh/ssh_config and /etc/ssh/sshd_config files. I have also tried ~/.ssh/config to no avail. As I am pretty much fumbling in the dark I may have been close to a solution and not realised it but I simply can't seem to get user-level access restrictions to work.

I would appreciate any help!

Regards
Michael L Griffin

He who play in root, eventually kill tree.
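
The three rules listed in the message can be written with the USER@HOST form of sshd's AllowUsers directive. This is an added example, not part of the original post; the addresses and administrator names are constructed placeholders, and numeric addresses are used so that the match does not depend on reverse DNS.

```conf
# /etc/ssh/sshd_config on each App server (sshd reads this file; ssh_config
# and ~/.ssh/config only affect outgoing client connections).
# Addresses and admin names below are constructed placeholders:
#   192.0.2.10      = "Mngt Server"
#   192.0.2.21-23   = App1, App2, App3 Server
#   adminA, adminB  = hypothetical administrator accounts

# Rule 1: root only from the management server.
AllowUsers root@192.0.2.10

# Rule 2: AppUserX only from the management server and the App servers.
AllowUsers AppUserX@192.0.2.10 AppUserX@192.0.2.21 AppUserX@192.0.2.22 AppUserX@192.0.2.23

# Rule 3: administrators from any host. A bare user name has no host restriction.
AllowUsers adminA adminB

# Once any AllowUsers line exists, every account not matched above is refused,
# so each administrator has to be listed. PermitRootLogin must not be "no",
# otherwise rule 1 never gets a chance to match.
```

Check the file with sshd -t before restarting the daemon, and keep an existing session open while testing the new rules.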