[CentOS] pam_access.so restrictions not working - syntax errors?
Dirk H. Schulz
dirk.schulz at kinzesberg.deFri Mar 20 13:49:28 UTC 2009
- Previous message: [CentOS] minimal installation - kickstart error
- Next message: [CentOS] pam_access.so restrictions not working - syntax errors?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi folks, I want to restrict root access via ssh to certain (internal) hosts. That is what pam_access.so is for, I thought, so I configured: in /etc/security/access.conf I added (nothing in there before): + : root : 192.168.123.0/24 10.72.0.0/16 - : root : ALL in /etc/pam.d/ssh I added at the end: account required pam_access.so Then I restarted the ssh server. Basically, this kinda works. Cron suddenly had no right to do it's job, so I had to add + : root : LOCAL to /etc/security/access.conf But there still is no restriction on ssh logins by root - I can still login from anywhere. Next I tried putting it in one line in /etc/security/access.conf: - : root : ALL EXCEPT LOCAL 192.168.123.0/24 10.72.0.0/16 That did not change anything, still I can log in via ssh. I am stuck. According to documentation and the examples on the net this should be the right syntax. And, by the way, in my /etc/ssh/ sshd_config I have "UsePAM yes". Any help or hint is appreciated. Dirk
- Previous message: [CentOS] minimal installation - kickstart error
- Next message: [CentOS] pam_access.so restrictions not working - syntax errors?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list