« Portaudit Follow-up | Main | FreeBSD Reviews »

June 19, 2005

AllowUsers

Currently every website matches one shell account on my servers, I always feel it's insecure to have more than a dozen accounts, but never taken a minute to think about how to change it.

AllowUsers parameter in sshd is just for it, to allow only one account to login with ssh, add the following line in /etc/sshd_config:

AllowUsers account_name

If you have a static IP address for login, you can make it more secure, for example:

AllowUsers account_name@192.168.1.32

Restart sshd after the file is modified:

# /etc/rc.d/sshd reload

For detailed information, please refer to the handbook.

Note: you should test the login before closing all terminals, a spelling error can lock yourself out of the server.

Update: Using a static IP address for login is strongly recommended, it's much more important than limiting the account number.

Category : Security

Posted by FreeBSD Newbie at June 19, 2005 07:10 PM

Comments

Post a comment

Name:

Email Address:
(Optional, will not be shown to the public)

Remember Me? YesNo

Comments: (Comment with any URL will be discarded due to crazy spambots.