Volker Kindermann on Thu, Oct 07, 2004 at 07:54:17PM +0200 wrote: > Hi Jim, > > > > I've used ssh as a secure telnet up to now but done little else with > > it. The FreeBSD machines I look after on our internet-facing network > > all have one account which I connect to for administration. I've set > > up /etc/hosts.allow on all the machines to only allow ssh from a > > limited internal network range. > > > > Now I want to create a new account on one machine which will be > > accessible from the Internet as a whole, to be used for tunnelling of > > SMTP and POP3. I can't predict what the client IP address will be so I > > will have to remove the hosts.allow restriction. > > have you considered the "AllowGroups" and "AllowUsers" directives of > sshd_config? They should provide exact the functionality that you want. But what if you have 1000 users? From my understanding you would have to add all users to the AllowUsers list. -Mark > > -volker _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"