sshd_config AllowUsers

Question

I'm trying a very specific configuration for the AllowUsers directive that follows the logic below:

• Allow user1 to ssh from host1
• Deny user1 to ssh from any other host
• Allow all other users from any host

I've tried the following:

AllowUsers user1@host1 user1@!* *@*

Unfortunately, when ever the @ is present, it negates the previous parameters and no matter what the order is.

I have two questions; is there an order to which the parameters within the AllowUsers directive are executed and is the logic above even possible?

Answer 1

# Deny user1 from all hosts but host1
DenyUsers user1@!host1,*
# Allow all users from any host that are not denied yet
AllowUsers *@*