Merge pull request #28 from aboe76/allow_deny_users
Added AllowUsers,AllowGroups,DenyUsers,DenyGroups
This commit is contained in:
commit
4e49e73e76
@ -137,6 +137,25 @@
|
||||
# DNS resolve and map remote IP addresses
|
||||
{{ option('UseDNS', 'yes') }}
|
||||
|
||||
# Restricting Users and Hosts
|
||||
# example:
|
||||
# AllowUsers vader@10.0.0.1 maul@sproing.evil.com luke
|
||||
# AllowGroups wheel staff
|
||||
#
|
||||
# Keep in mind that using AllowUsers or AllowGroups means that anyone
|
||||
# not Matching one of the supplied patterns will be denied access by default.
|
||||
# Also, in order for sshd to allow access based on full or partial hostnames it
|
||||
# needs to to a DNS lookup
|
||||
#
|
||||
# DenyUsers
|
||||
{{ option('DenyUsers', '') }}
|
||||
# AllowUsers
|
||||
{{ option('AllowUsers', '') }}
|
||||
# DenyGroups
|
||||
{{ option('DenyGroups', '') }}
|
||||
# AllowGroups
|
||||
{{ option('AllowGroups', '') }}
|
||||
|
||||
{# Handling unknown in salt template options #}
|
||||
{%- for keyword in sshd_config.keys() %}
|
||||
{#- Matches have to be at the bottem and should be handled differently -#}
|
||||
|
@ -32,6 +32,11 @@ sshd_config:
|
||||
Subsystem: "sftp /usr/lib/openssh/sftp-server"
|
||||
UsePAM: 'yes'
|
||||
UseDNS: 'yes'
|
||||
AllowUsers: 'vader@10.0.0.1 maul@evil.com sidious luke'
|
||||
DenyUsers: 'yoda chewbaca@112.10.21.1'
|
||||
AllowGroups: 'wheel staff imperial'
|
||||
DenyGroups: 'rebel'
|
||||
Deny
|
||||
matches:
|
||||
sftp_chroot:
|
||||
type:
|
||||
|
Loading…
Reference in New Issue
Block a user