Question: I would like to restrict root access over ssh to a specific subnet, but sshd seems to be ignoring my PAM settings
I was using the sshd option PermitRootLogin no to prevent root logins into my server. But I now want to prevent root logins from all but a few subnets.

I have changed the sshd settings as follows:

    PermitRootLogin yes
    UsePAM yes
    ChallengeResponseAuthentication yes

I have added the following line to /etc/security/access.conf (I want to ensure that PAM is properly blocking root logins before trying to open up any subnets):

    - : root : ALL

I have also added this line at the bottom of /etc/pam.d/sshd:

    account required pam_access.so

I restarted sshd and expected root logins to be rejected, but they are not; instead they are accepted with the following message in /var/log/secure:

    Oct 31 13:29:25 XHOST sshd[32675]: Accepted keyboard-interactive/pam for root from xxx.xxx.xxx.xxx port 37113 ssh2
    Oct 31 13:29:25 XHOST sshd[32675]: pam_unix(sshd:session): session opened for user root by (uid=0)

I have been following http://www.cyberciti.biz/tips/openssh-root-user-account-restriction-revisited.html as a guide but it doesn't seem to be working.
Answer:
It seems process name and the rest of the parameters are ANDed, so this line works:

    - : root : sshd ALL
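A point worth checking whenever an `account required pam_access.so` line placed at the very end of /etc/pam.d/sshd appears to be ignored is where it sits relative to the `include` lines above it. Linux-PAM expands an `include` inline, and a `sufficient` module inside the included stack that succeeds (with no earlier `required` failure) returns success to sshd immediately, so modules listed below it are never consulted. The simulation below is an added example, not code from the question, the answer or the Linux-PAM project; the pam.d file contents, the file names and the assumption that pam_access.so would return PAM_PERM_DENIED for root are all constructed for illustration, and whether this is what happened on the asker's system cannot be determined from the post.

```python
"""Simulate how Linux-PAM walks an `account` stack (added example).

Only the four classic control flags (required, requisite, sufficient,
optional) and `include` are modelled; real PAM reads the files from disk
and also supports the bracketed [value=action] control syntax.
"""
from dataclasses import dataclass

PAM_SUCCESS = "PAM_SUCCESS"
PAM_PERM_DENIED = "PAM_PERM_DENIED"


@dataclass
class Entry:
    control: str   # required | requisite | sufficient | optional
    module: str    # e.g. pam_access.so


def parse_stack(files, entry_file, stack_type="account"):
    """Flatten one pam.d file into a list of entries, expanding `include` inline."""
    out = []
    for raw in files[entry_file].splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        mtype, control, module = line.split()[:3]
        if mtype != stack_type:
            continue
        if control == "include":
            out.extend(parse_stack(files, module, stack_type))
        else:
            out.append(Entry(control, module))
    return out


def run_account_stack(entries, results):
    """Return (final_result, modules_consulted) for a flattened stack.

    `results` maps a module name to the result it would return; modules not
    listed are assumed to succeed."""
    consulted = []
    required_failed = False
    for e in entries:
        consulted.append(e.module)
        r = results.get(e.module, PAM_SUCCESS)
        if e.control == "required":
            if r != PAM_SUCCESS:
                required_failed = True          # remembered, but keep walking
        elif e.control == "requisite":
            if r != PAM_SUCCESS:
                return r, consulted             # fail immediately
        elif e.control == "sufficient":
            if r == PAM_SUCCESS and not required_failed:
                return PAM_SUCCESS, consulted   # short-circuit: rest is skipped
        # optional: result ignored (unless it is the only module, not modelled)
    return (PAM_PERM_DENIED if required_failed else PAM_SUCCESS), consulted


# Constructed pam.d files. "common-account-example" stands in for a
# distribution's shared account stack that contains a `sufficient` module.
FILES = {
    "common-account-example": """
account required   pam_unix.so
account sufficient pam_localuser.so
""",
    # pam_access.so appended after the include, as in the question
    "sshd-access-at-bottom": """
account include  common-account-example
account required pam_access.so
""",
    # pam_access.so placed before the include
    "sshd-access-before-include": """
account required pam_access.so
account include  common-account-example
""",
}

# Assumption: root matched a '-' line in access.conf, so pam_access denies.
ROOT_RESULTS = {"pam_access.so": PAM_PERM_DENIED}


def evaluate(entry_file):
    """Run the constructed account stack for root and report what was consulted."""
    return run_account_stack(parse_stack(FILES, entry_file), ROOT_RESULTS)


if __name__ == "__main__":
    for name in ("sshd-access-at-bottom", "sshd-access-before-include"):
        result, consulted = evaluate(name)
        print(f"{name}: {result}; consulted {consulted}")
```

Running it shows the stack with pam_access.so at the bottom returning PAM_SUCCESS without ever consulting pam_access.so, while the stack with pam_access.so before the include reaches it and returns PAM_PERM_DENIED. On a real system the equivalent check is to read the included files named in /etc/pam.d/sshd and look for `sufficient` entries in their `account` sections, then compare with what pam_access logs in /var/log/secure (or the journal) when a root login is attempted.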