ssh的用户登陆限制
%26;#38928;%26;#35373;上,sshd不受xinetd管,但可支援tcpd。* D- Y4 p) F% {: o0 S& ~
你可在hosts.allow中%26;#35373;: I* G# d3 o1 [* Y! B
sshd:192.168.0.4 W/ L" U' M4 V# n9 ?7 T% g2 R- a! o
sshd:ALL:deny
) ^$ E# p% j; _" q2 i
. {. q' S5 o! ^" X& c, Z%26;#30070;然,用iptables也行:
' `8 V' S1 m# C7 U3 E! S. Liptables-IINPUT-ptcp--dport22-jDROP
' N1 \7 w9 b) o$ f+ T. k0 Hiptables-IINPUT-ptcp--dport22-s192.168.0.0/32-jACCEPT% D, Y4 g% R% [$ }
(%26;#35387;:用-I命令,且%26;#38918;序不能%26;#39003;倒...)
+ S$ I- B- P; `; R H
" g% [5 r7 K# N再%26;#35036;:1 J- w7 Z& m3 O% m0 n9 a* W0 O: m
, E9 K! R) V7 `# G/ H# X& v
若你%26;#36996;想限制哪些用%26;#25142;可用,%26;#35531;mansshd_config找找AllowGroups%26;#33287;AllowUsers%26;#35373;定。! r7 z( \: V. z5 H* E& _6 ?
或用pam也行:
; i7 T+ t+ T f! z. Z8 b3 g! c1)修改/etc/pam.d/sshd' ] N5 H6 m: E" W; d; z- a
authrequiredpam_listfile.soitem=usersense=allowfile=/etc/sshusersonerr=fail
+ b: l! \1 T4 C/ f1 _, t8 x2)%26;#23559;你要的用%26;#25142;%26;#23531;%26;#36914;/etc/sshusers,如:) K8 a4 j& d* `0 c1 n
echo"root"%26gt;%26gt;/etc/sshusers
(※本文搜集自:重庆未来科技 http://www.wlkj.net 重庆IBM笔记本电脑、重庆IBM水货笔记本电脑、重庆苹果笔记本电脑、重庆IBM服务器专卖)
