我的印象是我只需将其添加到/etc/pam.d/sshd:
account required pam_access.so
这个/etc/security/access.conf:
-:root:ALL EXCEPT IPADDRESS
但这似乎没有奏效.
# disable Root login PermitRootLogin no # # [ . . . ] # # At the end of the file,add: # # Allow Root Login via Key from Admin Bastion Match Address 10.9.8.7 PermitRootLogin without-password