Ned, thanks but I also can read the man page.

My question is what would an entry be if the user bob can login from 17363.myhost.com and 2373.myhost.com?

Stephen

On Mon, Feb 7, 2011 at 8:49 AM, Ned Slider ned@unixmail.co.uk wrote:

On 07/02/11 06:08, Stephen Cox wrote:

...

Is it possible to allow a user to login from an changing hostname like:

username@*hoststringfixed.com

man sshd_config

AllowUsers This keyword can be followed by a list of user name patterns, separated by spaces. If specified, login is allowed only for user names that match one of the patterns. `*' and `?' can be used as wildcards in the patterns. Only user names are valid; a numerical user ID is not recognized. By default, login is allowed for all users. If the pattern takes the form USER@HOST then USER and HOST are separately checked, restricting logins to particular users from particular hosts.

So wild cards can be used although it doesn't specifically state they can be used with the HOST part. Try it and see, my guess is it will work.

---

CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos

Cameron,

Yes I did and I will test it later today.

Thank you!

On Mon, Feb 7, 2011 at 10:30 AM, Cameron Kerr cameron@humbledown.org wrote:

On 7/02/2011, at 9:06 PM, Stephen Cox wrote:

Ned, thanks but I also can read the man page.

My question is what would an entry be if the user bob can login from 17363.myhost.com and 2373.myhost.com?

It would be reasonable to try bob@*.myhost.com Did you try it?

---

CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos

I think you need to do a 'host the-ip-address' to see what the reverse DNS is doing; that seems to be what is causing the problem.

On 8/02/2011, at 6:37 PM, Stephen Cox wrote:

It didnt work.

Here is the logs:

Feb 7 18:17:25 server sshd[3537]: reverse mapping checking getaddrinfo for AA-xxx-xxx-xxx-xxx.AAAA.host.com failed - POSSIBLE BREAKIN ATTEMPT! Feb 7 18:17:25 server sshd[3537]: User root from xxx.xxx.xxx.xxx not allowed because not listed in AllowUsers

But my AllowedUsers has an root@*host.com

-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Stephen Cox Sent: Monday, February 07, 2011 9:37 PM To: CentOS mailing list Subject: Re: [CentOS] SSH AllowUser WildCard

It didnt work.

Here is the logs:

Feb 7 18:17:25 server sshd[3537]: reverse mapping checking getaddrinfo for AA-xxx-xxx-xxx-xxx.AAAA.host.com failed - POSSIBLE BREAKIN ATTEMPT! Feb 7 18:17:25 server sshd[3537]: User root from xxx.xxx.xxx.xxx not allowed because not listed in AllowUsers

But my AllowedUsers has an root@*host.com

Stephen

Stephen,

look at your previous posts / examples

you mention bob logging in from different remote addresses...

n ot "root"

bob is not equal to root in system account on security terms

;->

the security logs are telling you that root cannot login from remote per config and is not an allowed user.

root will never be able to login unless you allow root logins.

enable bob login and go back to "bob" scenario eh?

- rh

On Tue, Feb 8, 2011 at 6:52 PM, Gordon Messmer yinyang@eburg.com wrote:

You'll need to set up DNS properly for this to work.

It is mobile Broadband... So that will not be not possible.

On 02/08/2011 10:13 AM, Stephen Cox wrote:

On Tue, Feb 8, 2011 at 6:52 PM, Gordon Messmeryinyang@eburg.com wrote:

...

You'll need to set up DNS properly for this to work.

It is mobile Broadband... So that will not be not possible.

Then I guess the answer is that OpenSSH works and your provider's DNS doesn't. :(

You do still have the option of using tcp wrappers. (See man 5 hosts_access). You can create an "allow" rule for sshd for the network that you want, and then "deny" everything else.