我试图在使用TCP包装器的计算机上拒绝特定用户 在/etc/hosts.deny中有
sshd:tom@192.168.48.184
当我使用用户tom从192.168.48.184 ssh时它通过,我错过了什么?
答案 0 :(得分:1)
vi / etc / ssh / sshd_config
插入一行:
DenyUsers username1 username2 username3 username4
参考#man sshd_config:
DenyUsers
separated by spaces. Login is disallowed for user names that
match one of the patterns. â*â and â?â can be used as wildcards
in the patterns. Only user names are valid; a numerical user ID
is not recognized. By default, login is allowed for all users.
If the pattern takes the form USER@HOST then USER and HOST are
separately checked, restricting logins to particular users from
particular hosts.
保存并重新启动SSH服务。
/etc/init.d/sshd restart
了解详情:http://linuxpoison.blogspot.in/2008/08/how-to-deny-ssh-access-for-certain-user.html#ixzz2gjLPH8yH
谢谢&问候,
Alok Thaker
答案 1 :(得分:0)
唯一安全(读取:正确)的方法是禁用密码/键盘交互式登录方法,并为所有Tom的授权密钥添加deny-from选项。