Old 02-07-2011, 07:06 AM
Stephen Cox
 
Default SSH AllowUser WildCard

Ned, thanks but I also can read the man page.

My question is what would an entry be if the user bob can login from
17363.myhost.com and 2373.myhost.com?

Stephen

On Mon, Feb 7, 2011 at 8:49 AM, Ned Slider <ned@unixmail.co.uk> wrote:
> On 07/02/11 06:08, Stephen Cox wrote:
>> Is it possible to allow a user to login from a changing hostname like:
>>
>> username@*hoststringfixed.com
>>
>
> man sshd_config
>
> AllowUsers
> This keyword can be followed by a list of user name patterns, separated
> by spaces. If specified, login is allowed only for user names that match
> one of the patterns. `*' and `?' can be used as wildcards in the
> patterns. Only user names are valid; a numerical user ID is not
> recognized. By default, login is allowed for all users. If the pattern
> takes the form USER@HOST then USER and HOST are separately checked,
> restricting logins to particular users from particular hosts.
>
>
> So wild cards can be used although it doesn't specifically state they
> can be used with the HOST part. Try it and see, my guess is it will work.
>
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



--
Stephen Cox
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 02-07-2011, 07:30 AM
Cameron Kerr
 
Default SSH AllowUser WildCard

On 7/02/2011, at 9:06 PM, Stephen Cox wrote:

> Ned, thanks but I also can read the man page.
>
> My question is what would an entry be if the user bob can login from
> 17363.myhost.com and 2373.myhost.com?

It would be reasonable to try
bob@*.myhost.com
Did you try it?

 
Old 02-07-2011, 07:52 AM
Stephen Cox
 
Default SSH AllowUser WildCard

Cameron,

Yes I did and I will test it later today.

Thank you!

On Mon, Feb 7, 2011 at 10:30 AM, Cameron Kerr <cameron@humbledown.org> wrote:
>
> On 7/02/2011, at 9:06 PM, Stephen Cox wrote:
>
> Ned, thanks but I also can read the man page.
>
> My question is what would an entry be if the user bob can login from
> 17363.myhost.com and 2373.myhost.com?
>
> It would be reasonable to try
> bob@*.myhost.com
> Did you try it?
>
>
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>



--
Stephen Cox
 
Old 02-08-2011, 04:37 AM
Stephen Cox
 
Default SSH AllowUser WildCard

It didn't work.

Here are the logs:

Feb 7 18:17:25 server sshd[3537]: reverse mapping checking
getaddrinfo for AA-xxx-xxx-xxx-xxx.AAAA.host.com failed - POSSIBLE
BREAKIN ATTEMPT!
Feb 7 18:17:25 server sshd[3537]: User root from xxx.xxx.xxx.xxx not
allowed because not listed in AllowUsers

But my AllowedUsers has a root@*host.com

Stephen

On Mon, Feb 7, 2011 at 10:52 AM, Stephen Cox <stephencoxmail@gmail.com> wrote:
> Cameron,
>
> Yes I did and I will test it later today.
>
> Thank you!
>
> On Mon, Feb 7, 2011 at 10:30 AM, Cameron Kerr <cameron@humbledown.org> wrote:
>>
>> On 7/02/2011, at 9:06 PM, Stephen Cox wrote:
>>
>> Ned, thanks but I also can read the man page.
>>
>> My question is what would an entry be if the user bob can login from
>> 17363.myhost.com and 2373.myhost.com?
>>
>> It would be reasonable to try
>> bob@*.myhost.com
>> Did you try it?
>>
>>
>> _______________________________________________
>> CentOS mailing list
>> CentOS@centos.org
>> http://lists.centos.org/mailman/listinfo/centos
>>
>>
>
>
>
> --
> Stephen Cox
>



--
Stephen Cox
 
Old 02-08-2011, 05:08 AM
Cameron Kerr
 
Default SSH AllowUser WildCard

I think you need to do a 'host the-ip-address' to see what the reverse DNS is doing; that seems to be what is causing the problem.

On 8/02/2011, at 6:37 PM, Stephen Cox wrote:

> It didn't work.
>
> Here are the logs:
>
> Feb 7 18:17:25 server sshd[3537]: reverse mapping checking
> getaddrinfo for AA-xxx-xxx-xxx-xxx.AAAA.host.com failed - POSSIBLE
> BREAKIN ATTEMPT!
> Feb 7 18:17:25 server sshd[3537]: User root from xxx.xxx.xxx.xxx not
> allowed because not listed in AllowUsers
>
> But my AllowedUsers has a root@*host.com

 
Old 02-08-2011, 08:35 AM
Stephen Cox
 
Default SSH AllowUser WildCard

Host xxx.xxx.xxx.xxx:

xxx.xxx.xxx.xxx.in-addr.arpa domain name pointer
AA-xxx-xxx-xxx-xxx.AAAA.host.com

Stephen

On Tue, Feb 8, 2011 at 8:08 AM, Cameron Kerr <cameron@humbledown.org> wrote:
> I think you need to do a 'host the-ip-address' to see what the reverse DNS is doing; that seems to be what is causing the problem.
>
> On 8/02/2011, at 6:37 PM, Stephen Cox wrote:
>
>> It didn't work.
>>
>> Here are the logs:
>>
>> Feb 7 18:17:25 server sshd[3537]: reverse mapping checking
>> getaddrinfo for AA-xxx-xxx-xxx-xxx.AAAA.host.com failed - POSSIBLE
>> BREAKIN ATTEMPT!
>> Feb 7 18:17:25 server sshd[3537]: User root from xxx.xxx.xxx.xxx not
>> allowed because not listed in AllowUsers
>>
>> But my AllowedUsers has a root@*host.com
>
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



--
Stephen Cox
 
Old 02-08-2011, 02:02 PM
"R - elists"
 
Default SSH AllowUser WildCard

> -----Original Message-----
> From: centos-bounces@centos.org
> [mailto:centos-bounces@centos.org] On Behalf Of Stephen Cox
> Sent: Monday, February 07, 2011 9:37 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] SSH AllowUser WildCard
>
> It didn't work.
>
> Here are the logs:
>
> Feb 7 18:17:25 server sshd[3537]: reverse mapping checking
> getaddrinfo for AA-xxx-xxx-xxx-xxx.AAAA.host.com failed -
> POSSIBLE BREAKIN ATTEMPT!
> Feb 7 18:17:25 server sshd[3537]: User root from
> xxx.xxx.xxx.xxx not allowed because not listed in AllowUsers
>
> But my AllowedUsers has a root@*host.com
>
> Stephen
>


Stephen,

look at your previous posts / examples

you mention bob logging in from different remote addresses...

not "root"

bob is not equal to root in system account on security terms

;->

the security logs are telling you that root cannot login from remote per
config and is not an allowed user.

root will never be able to login unless you allow root logins.

enable bob login and go back to "bob" scenario eh?

- rh

 
Old 02-08-2011, 03:52 PM
Gordon Messmer
 
Default SSH AllowUser WildCard

On 02/07/2011 09:37 PM, Stephen Cox wrote:
> Feb 7 18:17:25 server sshd[3537]: reverse mapping checking
> getaddrinfo for AA-xxx-xxx-xxx-xxx.AAAA.host.com failed - POSSIBLE
> BREAKIN ATTEMPT!

That message indicates that the IP address from which you're connecting
has a PTR record of "AA-xxx-xxx-xxx-xxx.AAAA.host.com", but that
hostname doesn't resolve to that IP address (or doesn't resolve at all).

You'll need to set up DNS properly for this to work.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
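
Added example, not part of the original thread: a simplified Python model of the check Gordon describes, showing why a USER@HOST pattern with a hostname wildcard stops matching when the PTR name does not resolve back to the connecting address. The function names, the documentation-range addresses and the example.com names are assumptions made for illustration, and CIDR host patterns are left out.

```python
import re

def glob_match(pattern, text):
    """sshd_config-style pattern: only '*' and '?' are wildcards."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, text) is not None

def effective_host(ip, ptr, fwd):
    """Return the name used for host matching when reverse lookups are on.

    ptr maps IP -> PTR name and fwd maps name -> list of addresses; both
    are constructed tables standing in for DNS. If the PTR name does not
    resolve back to the connecting IP, the IP string is used instead.
    """
    name = ptr.get(ip)
    if name is None:
        return ip
    name = name.rstrip(".").lower()
    if ip in fwd.get(name, []):
        return name
    return ip  # the "reverse mapping checking getaddrinfo ... failed" case

def allowed(user, ip, ptr, fwd, allow_users):
    """Evaluate a space-separated AllowUsers value for one login attempt."""
    host = effective_host(ip, ptr, fwd)
    for entry in allow_users.split():
        upat, sep, hpat = entry.partition("@")
        if not glob_match(upat, user):
            continue
        # No host part: user match is enough. Otherwise the host pattern
        # is tried against the verified name and against the address.
        if not sep or glob_match(hpat.lower(), host) or glob_match(hpat, ip):
            return True
    return False

# Constructed sample data: .7 has a PTR record with no matching forward
# record (the situation in the log above); .8 is consistent both ways.
PTR = {"203.0.113.7": "aa-203-0-113-7.mobile.example.com",
       "203.0.113.8": "gw8.mobile.example.com"}
FWD = {"gw8.mobile.example.com": ["203.0.113.8"]}

if __name__ == "__main__":
    for ip in ("203.0.113.7", "203.0.113.8"):
        print(ip, effective_host(ip, PTR, FWD),
              allowed("bob", ip, PTR, FWD, "bob@*.example.com"))
```
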
 
Old 02-08-2011, 05:13 PM
Stephen Cox
 
Default SSH AllowUser WildCard

On Tue, Feb 8, 2011 at 6:52 PM, Gordon Messmer <yinyang@eburg.com> wrote:
> You'll need to set up DNS properly for this to work.

It is mobile Broadband... So that will not be possible.

--
Stephen Cox
 
Old 02-08-2011, 05:33 PM
Ned Slider
 
Default SSH AllowUser WildCard

On 08/02/11 18:13, Stephen Cox wrote:
> On Tue, Feb 8, 2011 at 6:52 PM, Gordon Messmer <yinyang@eburg.com> wrote:
>> You'll need to set up DNS properly for this to work.
>
> It is mobile Broadband... So that will not be possible.
>

Is there a reason you have to include the host part? Why can't you just
allow the user part only for that user?


 
