Linux: restricting a specific user's access by IP

Source: Internet
Author: User
Tags auth

Today my boss asked me to do one thing: restrict the server's test user so that it can log in only from the company intranet, not from the public network. After thinking about it, I decided PAM could implement this very well. My steps are listed below:
Step one: edit /etc/pam.d/sshd and add the following line:
    account    required     pam_access.so

After the addition, the file looks like this:

    auth       required     pam_stack.so service=system-auth
    auth       required     pam_nologin.so
    account    required     pam_stack.so service=system-auth
    account    required     pam_access.so
    password   required     pam_stack.so service=system-auth
    session    required     pam_stack.so service=system-auth
    session    required     pam_loginuid.so

Save and exit.

Step two: edit /etc/security/access.conf and add the following line at the end of the file:

    -:test:ALL EXCEPT 192.168.1.

To explain: "-" means deny, "test" is the username, "ALL" means all origins, and "EXCEPT 192.168.1." excludes the 192.168.1 network segment. Note the final "." after 192.168.1: it must be included.
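The effect of the trailing dot can be checked with a small model of how the users and origins fields are matched. This is an added example, not code from the original post or from pam_access itself: it is a simplified Python model that handles only ALL, EXCEPT, exact matches and trailing-dot prefixes, and the sample addresses are constructed.

```python
# Simplified model of pam_access rule matching (added example, not pam_access source).
# Supports only: ALL, EXCEPT, exact match, and "a.b.c." trailing-dot prefixes.

def token_match(tok, value):
    if tok.upper() == "ALL":
        return True
    if tok.endswith("."):              # network prefix, e.g. "192.168.1."
        return value.startswith(tok)
    return tok == value                # model assumption: no dot means one exact name


def list_match(field, value):
    """Match 'a b EXCEPT c d': some token before EXCEPT matches and none after."""
    toks = field.split()
    if "EXCEPT" in toks:
        i = toks.index("EXCEPT")
        include, exclude = toks[:i], toks[i + 1:]
    else:
        include, exclude = toks, []
    hit = any(token_match(t, value) for t in include)
    return hit and not any(token_match(t, value) for t in exclude)


def check_access(rules, user, origin):
    """First matching rule decides; no matching rule means access is granted."""
    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        if list_match(users, user) and list_match(origins, origin):
            return perm == "+"
    return True


WITH_DOT = "-:test:ALL EXCEPT 192.168.1."     # rule from the article
WITHOUT_DOT = "-:test:ALL EXCEPT 192.168.1"   # same rule, trailing dot missing

# Constructed sample origins (203.0.113.7 is a documentation address).
if __name__ == "__main__":
    for rules in (WITH_DOT, WITHOUT_DOT):
        for ip in ("192.168.1.50", "192.168.10.5", "203.0.113.7"):
            verdict = "allow" if check_access(rules, "test", ip) else "deny"
            print(f"{rules!r:38} {ip:14} -> {verdict}")
```

In this model the rule without the dot denies test even from 192.168.1.50, because the EXCEPT token no longer matches any address in the segment, and "192.168.1." does not cover 192.168.10.5.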

You also need to add the appropriate permissions for each user; otherwise some permissions, such as crontab -e, will be disabled, even for the root user.

    +:root:cron crond :0 tty1 tty2 tty3 tty4 tty5 tty6
    +:userx:cron crond :0 tty1 tty2 tty3 tty4 tty5 tty6



To change the port number, modify the Port configuration item in both of these files:

    vim /etc/ssh/ssh_config
    vim /etc/ssh/sshd_config

Step three: restart the sshd service:

    service sshd restart

But it still did not work; in the end, Pam No in /etc/ssh/ssh_config had to be changed to Pam Yes.

This article is from the "Wang Xiao Acid" blog, please be sure to keep this source http://wangaimin.blog.51cto.com/8499946/1905835
