瀏覽代碼
Added AllowUsers,AllowGroups,DenyUsers,DenyGroups
This will add more options to set to secure openssh - AllowUsers - AllowGroups - DenyUsers - DenyGroupstags/v0.41.0
Niels Abspoel
10 年之前
+ 19
- 0
openssh/files/sshd_config
查看文件
| @@ -137,6 +137,25 @@ | |||
| # DNS resolve and map remote IP addresses | |||
| {{ option('UseDNS', 'yes') }} | |||
| # Restricting Users and Hosts | |||
| # example: | |||
| # AllowUsers vader@10.0.0.1 maul@sproing.evil.com luke | |||
| # AllowGroups wheel staff | |||
| # | |||
| # Keep in mind that using AllowUsers or AllowGroups means that anyone | |||
| # not Matching one of the supplied patterns will be denied access by default. | |||
| # Also, in order for sshd to allow access based on full or partial hostnames it | |||
| # needs to to a DNS lookup | |||
| # | |||
| # DenyUsers | |||
| {{ option('DenyUsers', '') }} | |||
| # AllowUsers | |||
| {{ option('AllowUsers', '') }} | |||
| # DenyGroups | |||
| {{ option('DenyGroups', '') }} | |||
| # AllowGroups | |||
| {{ option('AllowGroups', '') }} | |||
| {# Handling unknown in salt template options #} | |||
| {%- for keyword in sshd_config.keys() %} | |||
| {#- Matches have to be at the bottem and should be handled differently -#} | |||
+ 2
- 0
pillar.example
查看文件
| @@ -32,6 +32,8 @@ sshd_config: | |||
| Subsystem: "sftp /usr/lib/openssh/sftp-server" | |||
| UsePAM: 'yes' | |||
| UseDNS: 'yes' | |||
| AllowUsers: 'vader@10.0.0.1 maul@evil.com sidious luke' | |||
| AllowGroups: 'wheel staff' | |||
| matches: | |||
| sftp_chroot: | |||
| type: | |||
Loading…