
There are two (Unix) users who are allowed to connect to my Debian Wheezy server using ssh: git and peter. While git is allowed to connect from everywhere, peter (who is in the sudo group) should only be allowed to connect from my local network.

I therefore added the line

AllowUsers git [email protected]/24

to my /etc/ssh/sshd_config.

And it first seemed to work, as git is allowed to connect remotely over the internet, while peter isn't.

My desktop, which has the IP address 192.168.2.24, is allowed to connect as peter, but my laptop isn't when connected using VPN (with local IP 192.168.2.201). It works when the laptop is directly connected to my LAN.

This is what I can find in the /var/log/auth.log file. It doesn't make any sense to me. Why is that IP not allowed?

Feb 2 11:44:54 srv sshd[7275]: User peter from 192.168.2.201 not allowed because not listed in AllowUsers

Feb 2 11:44:54 srv sshd[7275]: input_userauth_request: invalid user peter [preauth]

  • What does "with local ip 192.168.2.201" mean? What is the output of ip addr on the laptop? Commented Feb 2, 2015 at 11:05

1 Answer


Use:

AllowUsers git peter@192.168.2.*

or for example:

AllowUsers git peter@192.168.2.2??

if only 200-254 are allocated for VPN connections.

And make sure to read man ssh_config (the section PATTERNS). Yes, that's ssh_config, not sshd_config. But if you read the latter, you'll notice it refers to the former.
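The following is an added example, not part of the original answer and not OpenSSH code. It is a small offline checker for the two wildcard forms suggested above, written against the 192.168.2.x network from the question. It models only the `*` and `?` wildcards from the PATTERNS section (no negation, comma lists or CIDR), and the function names and sample connections are constructed for illustration.

```python
import re


def pattern_to_regex(pattern):
    """Translate one ssh_config(5) PATTERNS wildcard into a regex.

    '*' matches zero or more characters and '?' matches exactly one;
    every other character is literal.
    """
    table = {"*": ".*", "?": "."}
    body = "".join(table.get(ch, re.escape(ch)) for ch in pattern)
    return re.compile(body, re.DOTALL)


def entry_allows(entry, user, addr):
    """Check one AllowUsers entry, written as USER or USER@HOST."""
    user_pat, sep, host_pat = entry.partition("@")
    if not pattern_to_regex(user_pat).fullmatch(user):
        return False
    # A bare USER entry places no restriction on the source host.
    return not sep or bool(pattern_to_regex(host_pat).fullmatch(addr))


def allow_users(line, user, addr):
    """Evaluate a whole 'AllowUsers ...' line for one connection."""
    keyword, *entries = line.split()
    if keyword.lower() != "allowusers":
        raise ValueError("not an AllowUsers line")
    return any(entry_allows(e, user, addr) for e in entries)


def admitted_octets(host_pat, prefix="192.168.2."):
    """Last octets (0-255) of the question's /24 that host_pat admits."""
    rx = pattern_to_regex(host_pat)
    return [n for n in range(256) if rx.fullmatch(f"{prefix}{n}")]


if __name__ == "__main__":
    # Constructed sample connections: (user, source address).
    samples = [("peter", "192.168.2.24"), ("peter", "192.168.2.201"),
               ("peter", "203.0.113.7"), ("git", "203.0.113.7")]
    for line in ("AllowUsers git peter@192.168.2.*",
                 "AllowUsers git peter@192.168.2.2??"):
        for user, addr in samples:
            print(f"{line!r}: {user} from {addr} ->",
                  allow_users(line, user, addr))
    octets = admitted_octets("192.168.2.2??")
    print("192.168.2.2?? admits last octets", octets[0], "to", octets[-1])
```

Because `?` matches any single character, `192.168.2.2??` admits last octets 200 through 255, while two-digit octets such as 24 fall outside it.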
