SSH is really nifty but can drive you mad. In the configuration file:
/etc/ssh/sshd_config
in the AllowUsers directive you can set which accounts are accessible from which IP addresses or ranges of IPs. This allows you to really lock down your security, but if you mess it up you can lock yourself out of the machine, and then you have to log on from the console. Not nice if the machine is in a data center far away.
Also, you can end up making it a real pain to log on to the machine by forcing logons through another machine, making a nasty twisty maze of logons to endure before being able to log in to the machine you want to maintain.
After changing sshd_config, don't forget to restart the sshd service
/etc/rc.d/init.d/sshd restart
or you'll be puzzling as to why you still can't log on...
Also, if you have any problems, do
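A pre-flight check for the lockout described above, as an added example that is not part of the original post: it reads the AllowUsers lines from a config and reports which of the logins you depend on would be rejected. The function names and the sample config are constructed for illustration, and the model is simplified: it covers only USER and USER@HOST patterns matched against the client address (CIDR or the * and ? wildcards), not hostnames, DenyUsers, group directives or Match blocks.

```python
import ipaddress
import re

# Constructed sample config; addresses are from the documentation ranges.
SAMPLE_CONFIG = """\
# /etc/ssh/sshd_config (excerpt, constructed)
PermitRootLogin no
AllowUsers stuart@192.0.2.0/24 backup@198.51.100.7
allowusers deploy@203.0.113.*
"""

def allow_patterns(config_text):
    """Collect the patterns from every AllowUsers line (keyword is case-insensitive)."""
    patterns = []
    for line in config_text.splitlines():
        words = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if words and words[0].lower() == "allowusers":
            patterns.extend(words[1:])
    return patterns

def _wildcard(pattern, value):
    """Match using only '*' (any run of characters) and '?' (one character)."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value) is not None

def _host_matches(host_pattern, addr):
    """HOST part: try it as an address or CIDR block, then as a wildcard on the address text."""
    try:
        if ipaddress.ip_address(addr) in ipaddress.ip_network(host_pattern, strict=False):
            return True
    except ValueError:
        pass  # not an address or CIDR block, fall through to wildcard matching
    return _wildcard(host_pattern, addr)

def is_allowed(config_text, user, addr):
    """True if the AllowUsers list (as modelled here) admits user connecting from addr."""
    patterns = allow_patterns(config_text)
    if not patterns:
        return True  # no AllowUsers directive: no restriction from this keyword
    for pattern in patterns:
        user_pat, at, host_pat = pattern.partition("@")
        if _wildcard(user_pat, user) and (not at or _host_matches(host_pat, addr)):
            return True
    return False

def lockout_report(config_text, logins):
    """Return the (user, addr) pairs from logins that would be rejected."""
    return [(u, a) for u, a in logins if not is_allowed(config_text, u, a)]
```

Calling lockout_report(SAMPLE_CONFIG, [("stuart", "198.51.100.9")]) returns that pair, because stuart is only admitted from 192.0.2.0/24. Run a check like this against the edited file while an existing session is still open, before restarting sshd.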
less /var/log/secure
followed by Shift-G to see the latest entries in the secure log.
I had trouble with one machine as it didn't have a reverse DNS entry and as a result gave the error "Could not reverse map address". I didn't realize that that machine had gotten its IP address via DHCP, so actually it wasn't a good idea to put it in the list anyway. So I got the machine a shiny new permanent IP address and now I can access it using PuTTY with no problems.
Shift-F will cause less to 'follow' the file, and display new lines as they are added to your log. Or, you can use 'tail'.
Posted by: bob mcwhirter at June 11, 2003 12:05 AM
Thanks Bob! Bloggers are so kind. I knew about tail but I didn't know about the follow feature of less. I swear that most Unix commands are learnt from master to apprentice. Somewhere, sometime ago, someone read the fact filled manual :-)
Posted by: Stuart Woodward at June 11, 2003 12:12 PM