Thanks for reply but this doesn't work. I have read the manual but the problem I think is the wildcard. Your example:
AllowUsers *.IP.Fire.wall.X CertainUserName.*
My way:
AllowUsers *@IP.Fire.wall.X CertainUserName@*
--> in both cases only the user 'CertainUserName' will have access from all hosts; NO other user has access.
The entry '*.IP.Fire.wall.X' doesn't work! My entry with '@' doesn't work, either. I have tried to put the commands into two lines but it is the same problem. Perhaps you have another idea. I don't want to set up another sshd on another port.

Thanks and regards
Ruediger

Michael Appeldorn wrote:
I have a problem configuring my OpenSSH:
I want to allow root access (and all other users) to a webserver from my firewall with a static IP. For all other IPs I want to create a user who has access to this machine, and no one else (no root access!).
man sshd is your friend:
snip ------
AllowUsers
This keyword can be followed by a list of user names, separated by spaces. If specified, login is allowed only for users names that match one of the patterns. `*' and `?' can be used as wild cards in the patterns. Only user names are valid; a numerical user ID is not recognized. By default login is allowed regardless of the user name. If the pattern takes the form USER@HOST then USER and HOST are separately checked, restricting logins to particular users from particular hosts.
---- snip
4 /etc/ssh/sshd_config
so you have to insert there
AllowUsers *.IP.Fire.wall.X CertainUserName.*
Yours
Michael Appeldorn
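
The AllowUsers rule quoted from the man page in this thread, modelled as an added example (not part of either message and not OpenSSH's own code), applied to the two entry forms discussed. Assumptions: 192.0.2.10 is a constructed stand-in for IP.Fire.wall.X, the other addresses and the user `alice` are constructed, an entry is split at its first `@`, and the host is compared as one literal string.

```python
import re

def wildcard_match(pattern, value):
    """Match with only the two wildcards the man page names: '*' and '?'."""
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, value, re.DOTALL) is not None

def entry_allows(entry, user, host):
    """USER@HOST: both parts are checked separately. No '@': user name only."""
    if "@" in entry:
        user_pat, host_pat = entry.split("@", 1)  # assumption: split at first '@'
        return wildcard_match(user_pat, user) and wildcard_match(host_pat, host)
    return wildcard_match(entry, user)

def login_allowed(allow_users, user, host):
    """Login is allowed if any space-separated entry matches."""
    return any(entry_allows(e, user, host) for e in allow_users.split())

# Constructed sample values (documentation address ranges).
FIREWALL = "192.0.2.10"
ELSEWHERE = "203.0.113.7"
WITH_AT = "*@192.0.2.10 CertainUserName@*"
WITHOUT_AT = "*.192.0.2.10 CertainUserName.*"

def decision_table():
    """Evaluate both entry forms for the logins the thread cares about."""
    logins = [
        ("root", FIREWALL),
        ("root", ELSEWHERE),
        ("alice", FIREWALL),
        ("CertainUserName", ELSEWHERE),
    ]
    return {
        (form, user, host): login_allowed(form, user, host)
        for form in (WITH_AT, WITHOUT_AT)
        for user, host in logins
    }

if __name__ == "__main__":
    for (form, user, host), ok in decision_table().items():
        print(f"{form!r:40} {user:16} {host:12} -> {'allow' if ok else 'deny'}")
```

Under the quoted rule an entry without `@` is compared to the user name only, so `*.192.0.2.10` can match only an account whose name ends in that string.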