Am I missing something? According to the man pages this should work:
Allow root login but ONLY when it’s not from 192.168.1.2. Well, that’s not working…
However, changing the configuration will make it work:
Am I misreading the man pages or is this a bug, for a long time there…?
Hello and welcome to the openSUSE forums.
Sorry, but saying “it does (not) work” is not something that tells much in a computer environment.
You should explain
- what you did (and we have only some configurations, but you did not tell what you did);
- what happened (this is missing complete);
- what you expected to happen (this is also missing).
So we can only guess what you mean with “working”. And guessing from this side will probably lead to misunderstandings and bad advice.
Oh, and please select you pieces of computer text and then hit the </> button in the tool bar of the post editor. That will make the computer text much more readable and understandable.
from how I understand the syntax I would have said that in
There is a lack of the ips that you exclude 192.168.1.1 from.
So, the * (any ip) as in your second example.
Instead of the
I would have put a space. Does it work with a space instead?
Yes, you are misreading man pages. Check out
man ssh_config again, it’s pretty definitive.
OK, some more clarification:
I was expecting user root root can only login from 192.168.1.1. Well, logging in from another IP-address is possible also:
ssh 127.0.0.1 'whoami'
But Busy Penquin was right, it’s in the man 5 ssh_config:
…the following pattern list will fail: from=“!host1,!host2”
The solution here is to include a term that will yield a positive match,
such as a wildcard: from=“!host1,!host2,*”
Hence: this one also works:
Logging in from localhost will now result into:
journalctl -l -u sshd.service
User root from 127.0.0.1 not allowed because listed in DenyUsers
And to make it all complete I changed the config to:
So, great, it’s working; thanks for the help.
Yep, you’re right. Thanks for the hint, see my other response earlier.