Edit /etc/pam.d/sshd with vi, add the following line, and save:

    account required pam_access.so

Then edit /etc/security/access.conf with vi and add this line at the end of the file:

    -:guest:ALL EXCEPT 192.168.0.

This means that the guest user cannot log in from any IP address except those in the 192.168.0. network. Save, exit, and test:

    # ssh guest@192.168.0.8    (can log in)
    # ssh guest@127.0.0.1      (cannot log in)

The comments in the file describe the entry format, permission:users:origins, roughly as follows:
#
# The first field should be a "+" (access granted) or "-" (access denied)
# character.
#
# The second field should be a list of one or more login names, group
# names, or ALL (always matches). A pattern of the form user@host is
# matched when the login name matches the "user" part, and when the
# "host" part matches the local machine name.
#
# The third field should be a list of one or more tty names (for
# non-networked logins), host names, domain names (begin with "."), host
# addresses, internet network numbers (end with "."), ALL (always
# matches) or LOCAL (matches any string that does not contain a "."
# character).

Roughly, this means the following. The first field is a + sign (access is allowed) or a - sign (access is denied). The second field is a list of login names or group names, or ALL (which matches everything). You can also write user@host there, where user matches the login name and host matches the name of the local machine. The third field lists where the login comes from: tty names, host names, domain names, host addresses or network numbers. Do not forget the dot: a domain name begins with one and a network number ends with one.
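To check a rule before saving it on a live sshd host, the matching described in the comments can be modelled offline. The following is an added example, not part of the original post and not pam_access's own code: a simplified Python model of the three fields, where the function names, the sample file content and the "no matching entry means allowed" fallback are assumptions of this sketch.

```python
# Simplified model of access.conf matching (added example, not pam_access code).
# It covers ALL, LOCAL, EXCEPT, network numbers ending in "." and domain
# names beginning with "."; group names, netmasks and IPv6 are left out.

CONSTRUCTED_CONF = """\
# constructed sample containing the rule from the article
-:guest:ALL EXCEPT 192.168.0.
"""

def token_match(token, value, is_origin):
    """Match one list item against a login name or an origin."""
    if token == "ALL":
        return True
    if is_origin:
        if token == "LOCAL":              # any string without a "."
            return "." not in value
        if token.endswith("."):           # network number, e.g. 192.168.0.
            return value.startswith(token)
        if token.startswith("."):         # domain name, e.g. .example.org
            return value.lower().endswith(token.lower())
    return token.lower() == value.lower()

def list_match(tokens, value, is_origin):
    """A list matches if an item matches and nothing after EXCEPT matches."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return (list_match(tokens[:i], value, is_origin)
                and not list_match(tokens[i + 1:], value, is_origin))
    return any(token_match(t, value, is_origin) for t in tokens)

def parse_rules(text):
    """Return (permission, users, origins) tuples, skipping comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.count(":") < 2:
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        if perm in ("+", "-"):
            rules.append((perm, users.split(), origins.split()))
    return rules

def login_allowed(rules, user, origin):
    """The first entry matching (user, origin) decides the result."""
    for perm, users, origins in rules:
        if list_match(users, user, False) and list_match(origins, origin, True):
            return perm == "+"
    return True  # assumption of this model: no matching entry, not denied

if __name__ == "__main__":
    rules = parse_rules(CONSTRUCTED_CONF)
    for origin in ("192.168.0.8", "127.0.0.1"):
        print("guest from", origin, "->", login_allowed(rules, "guest", origin))
```

Because the rule names only guest, every other account falls through to the fallback, so a final catch-all entry is needed if other users should be restricted as well.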
My English is not very good. The above is the basic idea. If you have any questions, please give me more advice and make progress together.