Method 1: Match XXX
/etc/ssh/sshd_config
# global config
PermitRootLogin no
PasswordAuthentication no
# optional
GSSAPIAuthentication no

Match Address 192.168.123.*
    PermitRootLogin yes
    PasswordAuthentication yes
* Effective only when neither "UsePAM yes" nor "AllowUsers ???" interferes
* PermitRootLogin no > AllowUsers root
Checking
Permission denied (publickey).
Method 2: Define "AllowUsers" patterns
AllowUsers [email protected].*
Match User root
    AllowUsers [email protected]
Method 3: UsePAM
# Login access control table
/etc/security/access.conf
# permission : users : origins
+ : root : 127.0.0.1
+ : root : hosta hostb hostx
- : root : ALL
# All other users should be denied to get access from all sources.
- : ALL : ALL
Remark
# The same is 192.168.201.0/24 or 192.168.201.0/255.255.255.0
+ : root : 192.168.123.
/etc/pam.d/sshd
account required pam_access.so
Log entry for a failed login
Oct 18 22:24:17 sshgw sshd[28895]: fatal: Access denied for user root by PAM account configuration [preauth]
* AllowUsers > UsePAM
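Added example (not from the original notes): a simplified Python model of how the access.conf rules above are evaluated, where the first matching rule wins, with the Remark line placed before "- : root : ALL". It handles only ALL, trailing-dot prefixes, network/mask and exact names; the function names and the origins used to exercise it are assumptions made for illustration.

```python
import ipaddress

# Rules from the page's access.conf, plus the Remark line placed before the root deny.
ACCESS_CONF = """\
# permission : users : origins
+ : root : 127.0.0.1
+ : root : hosta hostb hostx
+ : root : 192.168.123.
- : root : ALL
- : ALL : ALL
"""

def parse_rules(text):
    """Return (permission, users, origins) tuples, skipping comments and blanks."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        perm, users, origins = (field.strip() for field in line.split(":", 2))
        if perm not in ("+", "-"):
            raise ValueError(f"bad permission field: {line!r}")
        rules.append((perm, users.split(), origins.split()))
    return rules

def origin_matches(pattern, origin):
    """Simplified origin match: ALL, 'a.b.c.' prefix, network/mask, else exact."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):            # string prefix match, as in the Remark
        return origin.startswith(pattern)
    if "/" in pattern:                   # 192.168.201.0/24 or /255.255.255.0
        try:
            return ipaddress.ip_address(origin) in ipaddress.ip_network(pattern, strict=False)
        except ValueError:               # origin is a hostname, not an address
            return False
    return pattern.lower() == origin.lower()

def decide(rules, user, origin):
    """First matching rule wins; returns '+', '-' or None when nothing matches."""
    for perm, users, origins in rules:
        user_ok = "ALL" in users or user in users
        if user_ok and any(origin_matches(p, origin) for p in origins):
            return perm
    return None
```

If the "+ : root : 192.168.123." line is placed after "- : root : ALL", decide() returns "-" for every root login, because the deny rule matches first.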
Summary
PermitRootLogin no > AllowUsers root > UsePAM