17 Jun 2015   devops

SSH has some nice security features like password-less authentication. For the sysadmin who wants even more fine-grained control, the ssh configuration has a setting for what users are allowed to authenticate based on their IP address.

# /etc/ssh/sshd_config
AllowUsers admin@ deployer@ git@*

This configuration says that admin & deployer are only allowed to login from, but git can login from any IP address. You can also use wildcards the other way:

AllowUsers *@

The most useful thing here is the ability to use * to match users and hosts.

h/t Chris Erin