Question : Allow userok@ip_good, Deny userok@any_other_ip and Allow *@*

Is it possible? I'm running sshd on Aix6.1

Scenario:
ALLOW only access from: userok@ip_good
DENY access from userok@*
and
ALLOW acces from *@*

Thanks

Answer : Allow userok@ip_good, Deny userok@any_other_ip and Allow *@*

I've not used AIX, but do not think it is possible.
You can use the hosts.allow/hosts.deny if your SSH has tcp_wrappers to deny based on IP.

If sshd with tcp_wrappers handles the user@ip,
The other issue is that deny supersedes allows such that an entry in Allow userok@ip_good will be ignored because of the entry in DENY: sshd:userok@*  

I've not tested whether username@ is even an option which seems rather problemativ as it will be a nightmare to track down. i.e. user is active everywhere except the user can not connect.
Random Solutions  
 
programming4us programming4us