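installation, users must not only connect with the correct username and password, but also a specific OpenSSH
. list? Is this possible? Can other types of credentials be added as requirements for the proposed solution? authentication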
IP address
CentOS 7
web server
VPN
authorized IP addresses
OpenSSH
I read this post, but it looks like an approach that reports access from unauthorized IPs rather than simply blocking unauthorized IPs.
If possible, I would like to focus on free software.
Answer 1
From man sshd_config:
AllowUsers
This keyword can be followed by a list of user name patterns, separated by
spaces. If specified, login is allowed only for user names that match one of
the patterns. Only user names are valid; a numerical user ID is not
recognized. By default, login is allowed for all users. If the pattern takes the
form USER@HOST then USER and HOST are separately checked, restricting logins
to particular users from particular hosts. The allow/deny directives are
processed in the following order: DenyUsers, AllowUsers, DenyGroups, and
finally AllowGroups.
See PATTERNS in ssh_config(5) for more information on patterns.
And man ssh_config:
PATTERNS
A pattern consists of zero or more non-whitespace characters, ‘*’ (a wildcard that
matches zero or more characters), or ‘?’ (a wildcard that matches exactly one
character). For example, to specify a set of declarations for any host in the “.co.uk” set
of domains, the following pattern could be used:
Host *.co.uk
The following pattern would match any host in the 192.168.0.[0-9] network range:
Host 192.168.0.?
A pattern-list is a comma-separated list of patterns. Patterns within pattern-lists
may be negated by preceding them with an exclamation mark (‘!’). For example, to
allow a key to be used from anywhere within an organisation except from the “dialup”
pool, the following entry (in authorized_keys) could be used:
from="!*.dialup.example.com,*.example.com"
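The pattern rules quoted in the answer, as an added example (not part of the original answer and not OpenSSH's own code): a simplified Python model of `*`/`?` matching, negated pattern-lists, and `USER@HOST` entries in AllowUsers. The function names are hypothetical, and the user names and addresses are constructed samples.

```python
import re

def match_pattern(text, pattern):
    """True if text matches one pattern; only '*' and '?' are special."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, text) is not None

def match_pattern_list(text, pattern_list):
    """Comma-separated list: 1 = match, 0 = no match, -1 = negated pattern hit."""
    result = 0
    for pat in pattern_list.split(","):
        negated = pat.startswith("!")
        if negated:
            pat = pat[1:]
        if match_pattern(text, pat):
            if negated:
                return -1  # a negated hit overrides any positive hit
            result = 1
    return result  # a list of only negated patterns can never return 1

def allow_users_permits(user, client_addr, allow_users):
    """Model of AllowUsers: space-separated USER or USER@HOST patterns.
    Assumption: each sample entry contains at most one '@'."""
    for entry in allow_users.split():
        user_pat, at, host_pat = entry.partition("@")
        if not match_pattern(user, user_pat):
            continue
        # A bare USER entry allows that user from any address.
        if not at or match_pattern(client_addr, host_pat):
            return True
    return False

# Constructed sample directive value (not from the original page).
ALLOW_USERS = "alice@192.168.0.? bob@203.0.113.10 carol"

if __name__ == "__main__":
    for user, addr in [("alice", "192.168.0.7"), ("alice", "192.168.0.77"),
                       ("bob", "198.51.100.4"), ("carol", "198.51.100.4")]:
        verdict = "allow" if allow_users_permits(user, addr, ALLOW_USERS) else "deny"
        print(f"{user}@{addr}: {verdict}")
```

Note that `192.168.0.?` covers only single-digit last octets, so `192.168.0.77` is denied, and that an entry without `@HOST` places no restriction on the source address.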