[clue-tech] sshd authorization strategies

[Dan Harris]

> 
> Well, I tried those settings and it won't let any user other than 
> root at backup-server log in.  The log says "not allowed because not listed 
> in AllowUsers".  Apparently, if you have anything in AllowUsers, that's 
> all you get.
> 

Ok. I think I found another way of handling this.  In the ~/.ssh/authorized_keys 
file, you can specify a user at host in-line with the key.  Then change 
PermitRootLogin to "forced-commands-only".

More info is here:

http://ejohansson.se/articles/system-administration/rdiff-backup/#sec-conf-ssh