### Permit root login from local
### Look at /etc/hosts for host IP aliases
+:root:LOCAL localhost myHost
#
### Permit designated users to access from local
+:username:LOCAL localhost myHost
#
### Permit all local services/users to access from local
#+:ALL:LOCAL localhost myHost
+:ALL:LOCAL ALL
#
### Deny access to all from any remote (must be last)
-:ALL:ALL
Similarly, for .../etc/ssh/ssh_config...
### Group 1 - Restrictive
PermitRootLogin no ## myHost
ForwardAgent no ## myHost
ForwardX11 no ## myHost
ForwardX11Trusted no ## myHost
DenyUsers root ## myHost
DenyGroups root ## myHost
### Group 2 - Permissive
AllowUsers nonexistent ## myHost
AllowGroups nonexistent ## myHost
### Deploy any modifications using: systemctl restart sshd
1 answer
8i9zcol21#
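This is not a forum for discussing security issues... but... to address the question raised by Wernfried Domscheit, you should consider modifying the file .../etc/security/access.conf... to suit your particular situation. Below is a modified version of my own file, for public consumption.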
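This gives you the bare minimum of control over external access; if access is attempted from the inside, you will face an entirely different set of problems.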
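An added example, not part of the answer above: a simplified Python model of pam_access first-match evaluation, run over the active access.conf rules as posted and over the variant that uses the commented-out line in their place. The probe users and origins are constructed, and matching is reduced to ALL, LOCAL (modelled as an origin without a dot), exact names, ".domain" suffixes and "net." prefixes.

```python
# Added illustration: simplified model of pam_access first-match evaluation.
# Assumptions: no EXCEPT, groups, netmasks or DNS; LOCAL means "no dot in origin".

ACTIVE = """\
+:root:LOCAL localhost myHost
+:username:LOCAL localhost myHost
+:ALL:LOCAL ALL
-:ALL:ALL
"""  # active (uncommented) rules as posted in the answer
# Same file with the commented-out alternative used in place of "+:ALL:LOCAL ALL"
ALTERNATIVE = ACTIVE.replace("+:ALL:LOCAL ALL", "+:ALL:LOCAL localhost myHost")

# Constructed probes: (user, origin); 203.0.113.7 is a documentation address
PROBES = [("root", "tty1"), ("username", "localhost"),
          ("alice", "203.0.113.7"), ("root", "203.0.113.7")]

def parse(text):
    """Yield (allow, users, origins, line) for each non-comment rule line."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            perm, users, origins = (f.strip() for f in line.split(":", 2))
            yield perm == "+", users.split(), origins.split(), line

def origin_matches(token, origin):
    if token == "ALL" or token.lower() == origin.lower():
        return True
    if token == "LOCAL":
        return "." not in origin
    if token.startswith("."):              # domain suffix, e.g. .example.org
        return origin.lower().endswith(token.lower())
    return token.endswith(".") and origin.startswith(token)  # network prefix

def decide(text, user, origin):
    """Return (allowed, deciding_line); the first matching rule wins."""
    for allow, users, origins, line in parse(text):
        if (any(u in ("ALL", user) for u in users)
                and any(origin_matches(o, origin) for o in origins)):
            return allow, line
    return True, None                      # no rule matched: access is granted

def unreached(text, probes):
    """Rule lines that never decided any of the probes."""
    hit = {decide(text, u, o)[1] for u, o in probes}
    return [line for *_, line in parse(text) if line not in hit]

if __name__ == "__main__":
    for name, text in (("active", ACTIVE), ("alternative", ALTERNATIVE)):
        print(name, [decide(text, *p) for p in PROBES], unreached(text, PROBES))
```

With the rules as posted, the remote probes are decided by "+:ALL:LOCAL ALL" and "-:ALL:ALL" is never reached; with the commented-out alternative, the same probes fall through to the final deny.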