AllowUsers doesn't work with IPs - SSH

This is a discussion on AllowUsers doesn't work with IPs - SSH ; I want to give user "klee" access to the host "rex3" via ssh, if he connects from 192.168.0.25 (oregon). So I put AllowUsers klee@oregon in "/etc/ssh/sshd_config" and restarted sshd. Connection works fine. However, when I put AllowUsers klee@192.168.0.25 in "/etc/ssh/sshd_config" ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: AllowUsers doesn't work with IPs

  1. AllowUsers doesn't work with IPs

    I want to give user "klee" access to the host "rex3" via ssh, if he
    connects from 192.168.0.25 (oregon).

    So I put

    AllowUsers klee@oregon

    in "/etc/ssh/sshd_config" and restarted sshd. Connection works fine.
    However, when I put

    AllowUsers klee@192.168.0.25

    in "/etc/ssh/sshd_config" and restart sshd, then the connection fails:

    Jan 24 11:35:15 rex3 sshd[9075]: error: PAM: Authentication failure for
    illegal user klee from oregon

    What may be the reason for the problem? Eventually, I'd like to give
    access to entire IP ranges.

    About the host:

    # cat /etc/SuSE-release
    SuSE Linux 9.2 (i586)
    VERSION = 9.2
    # uname -a
    Linux rex3 2.6.8-24.19-default #1 Tue Nov 29 14:32:45 UTC 2005 i686 athlon
    i386 GNU/Linux
    # sshd -no_nice_parameter_to_get_version
    [...]
    OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004
    [...]

    --
    Dipl.-Phys. Felix E. Klee
    Email: fk@linuxburg.de (work), felix.klee@inka.de (home)
    Tel: +49 721 8307937, Fax: +49 721 8307936
    Linuxburg, Goethestr. 15A, 76135 Karlsruhe, Germany

  2. Re: AllowUsers doesn't work with IPs

    On 2006-01-24, Felix E. Klee wrote:
    > I want to give user "klee" access to the host "rex3" via ssh, if he
    > connects from 192.168.0.25 (oregon).
    >
    > So I put
    >
    > AllowUsers klee@oregon
    >
    > in "/etc/ssh/sshd_config" and restarted sshd. Connection works fine.
    > However, when I put
    >
    > AllowUsers klee@192.168.0.25
    >
    > in "/etc/ssh/sshd_config" and restart sshd, then the connection fails:
    >
    > Jan 24 11:35:15 rex3 sshd[9075]: error: PAM: Authentication failure for
    > illegal user klee from oregon


    Do you have IPv6 enabled? If so, the system reports the connections as
    IP4-in-6 mapped addresses so the look like "::ffff:192.168.0.25"

    OpenSSH 4.1 and newer "normalize" these addresses back to IPv4 ones so
    what you have would work. You can also tell sshd to listen only on IPv4
    addresses ("ListenAddress 0.0.0.0") which I think will work.

    See: http://marc.theaimsgroup.com/?l=open...13223431607453

    --
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.

  3. Re: AllowUsers doesn't work with IPs

    On Thu, 26 Jan 2006 23:23:43 +0000, Darren Tucker wrote:
    >> Jan 24 11:35:15 rex3 sshd[9075]: error: PAM: Authentication failure for
    >> illegal user klee from oregon

    >
    > Do you have IPv6 enabled? If so, the system reports the connections as
    > IP4-in-6 mapped addresses so the look like "::ffff:192.168.0.25"


    Yes, I'm seeing reports about connections from addresses that look similar
    to that above.

    > OpenSSH 4.1 and newer "normalize" these addresses back to IPv4 ones so
    > what you have would work. You can also tell sshd to listen only on IPv4
    > addresses ("ListenAddress 0.0.0.0") which I think will work.


    Works, thanks!

    --
    Dipl.-Phys. Felix E. Klee
    Email: fk@linuxburg.de (work), felix.klee@inka.de (home)
    Tel: +49 721 8307937, Fax: +49 721 8307936
    Linuxburg, Goethestr. 15A, 76135 Karlsruhe, Germany

+ Reply to Thread