file provides user access control for
by defining which users may login.
file does not exist, all users are denied access.
is the escape character; it can be used to escape the meaning of the
comment character, or if it is the last character on a line, extends
a configuration directive across multiple lines.
is the comment character, and all characters from it to the end of
line are ignored (unless it is escaped with the escape character).
The syntax of each line is:
userglob[:groupglob][@host] [directive [class]]
These elements are:
matched against the user name, using
matched against all the groups that the user is a member of, using
either a CIDR address (refer to
to match against the remote address
glob to match against the remote hostname
the user is allowed access.
is not given, the user is denied access.
defines the class to use in
is not given, it defaults to one of the following:
If there is a match in
for the user.
If the user name is
If neither of the above is true.
No further comparisons are attempted after the first successful match.
If no match is found, the user is granted access.
This syntax is backward-compatible with the old syntax.
If a user requests a guest login, the
server checks to see that
have access, so if you deny all users by default, you will need to add both
in order to allow guest logins.