Hello, I played arround with the sshd and tried some settings and I think I solved the problem: Don't use IP's after the '@'! Take the FQDN (NOT the short name from /etc/hosts) and then it works! In my example I tried: AllowUsers *@my.domain.de .. and this works fine. Nevertheless many thanks for help. Regards Ruediger Michael Appeldorn wrote:
Your example:
AllowUsers *.IP.Fire.wall.X CertainUserName.*
My way: AllowUsers *@IP.Fire.wall.X CertainUserName@*
less of the user name. If the pattern takes the form USER@HOST then USER and HOST are separately checked, restricting logins to particular users from particular hosts.
Yep - the wildcard was my fault. According to the manpage its @.
To your problem. Check it out in two steps. One time the host, the other the users to determine if it works at all.
Another idea to restrict the access is to edit /etc/hosts.allow and /etc/host.deny.
Will check it for my own and reply the result.
Michael Appeldorn