It does not seem to work.
It appears that for sshd, sshusers would have to be their primary group
and it is not.

It also appears that the Allow* directives act like sieves. You have to
pass all of the specified criteria to get in.
This means they would have to be in the right group AND local rather than
OR which is what I need.

Does anyone know how to do this with PAM?
I now have the "remoteusers" group set up so that might make it easier.



Ron

-----Original Message-----
From: Darren Tucker [mailto:dtucker@zip.com.au]
Sent: March 16, 2006 4:04 PM
To: Ron Wheeler
Cc: secureshell@securityfocus.com; rwheeler@artifact-software.com
Subject: Re: PAM and SSH


Ron Wheeler wrote:
> I would like to allow ssh access from
> 1) anyone on the 192.168.1.0/24 network
> or
> 2) anyone on a list of users.


An alternative to using pam_listfile (assuming you're using OpenSSH):

Put your chosen few users into a group, say, "sshusers" then put the
following in sshd_config:

AllowGroups sshusers
AllowUsers *@192.168.1.*

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
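
Added example (not part of the original thread, and not OpenSSH code): a simplified Python model of the behaviour described in the reply, where every Allow* list that is set must match, shown next to the "LAN or listed user" policy that was asked for. The function names, users, groups and addresses are constructed for illustration, and pattern matching is approximated with fnmatch.

```python
from fnmatch import fnmatchcase

# The two directives suggested in the thread.
ALLOW_GROUPS = ["sshusers"]
ALLOW_USERS = ["*@192.168.1.*"]


def match_user_pattern(pattern, user, addr):
    """Match an AllowUsers entry written as USER or USER@HOST (* and ? wildcards)."""
    upat, at, hpat = pattern.partition("@")
    if at:
        return fnmatchcase(user, upat) and fnmatchcase(addr, hpat)
    return fnmatchcase(user, pattern)


def sshd_allows(user, groups, addr, allow_users=ALLOW_USERS, allow_groups=ALLOW_GROUPS):
    """Model: each Allow* list that is set acts as its own filter (logical AND)."""
    if allow_users and not any(match_user_pattern(p, user, addr) for p in allow_users):
        return False
    if allow_groups and not any(fnmatchcase(g, p) for g in groups for p in allow_groups):
        return False
    return True


def wanted_policy(user, groups, addr, allow_users=ALLOW_USERS, allow_groups=ALLOW_GROUPS):
    """The policy asked for in the thread: on the LAN OR in the listed group."""
    on_lan = any(match_user_pattern(p, user, addr) for p in allow_users)
    in_group = any(fnmatchcase(g, p) for g in groups for p in allow_groups)
    return on_lan or in_group


# Constructed sample logins: (user, groups of that user, client address).
SAMPLES = [
    ("alice", {"users", "sshusers"}, "203.0.113.7"),   # listed user, off the LAN
    ("bob",   {"users"},             "192.168.1.20"),  # unlisted user, on the LAN
    ("carol", {"sshusers"},          "192.168.1.30"),  # listed user, on the LAN
    ("dave",  {"users"},             "203.0.113.9"),   # unlisted user, off the LAN
]


def compare(samples=SAMPLES):
    """Return (user, sshd_result, wanted_result) for every sample login."""
    return [(u, sshd_allows(u, g, a), wanted_policy(u, g, a)) for u, g, a in samples]


if __name__ == "__main__":
    for user, got, wanted in compare():
        flag = "" if got == wanted else "  <-- differs from the intended policy"
        print(f"{user:6} sshd_config={got!s:5} wanted={wanted!s:5}{flag}")
```

In this model only the login that satisfies both directives gets in, so the two cases the policy was meant to admit separately (listed user off the LAN, unlisted user on the LAN) are both refused.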