From cef1e1e949cea6480e9968eb8ce7e9cf8d42ac89 Mon Sep 17 00:00:00 2001
From: Xiao Pan <xyz@flylightning.xyz>
Date: Tue, 15 Jul 2025 19:14:45 +0800
Subject: sshd allow from localhost

---
 etc/ssh/sshd_config | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/etc/ssh/sshd_config b/etc/ssh/sshd_config
index 62793759..bf7498f8 100644
--- a/etc/ssh/sshd_config
+++ b/etc/ssh/sshd_config
@@ -9,6 +9,7 @@ KbdInteractiveAuthentication no
 UsePAM yes
 # when ssh into this remote server, client if use alacritty need `SendEnv COLORTERM` to send the env to server, so server ls can default output color, more see comments in my alacritty.toml config
 AcceptEnv COLORTERM
+
 # https://unix.stackexchange.com/a/472848 wrote about sshd_config AllowUsers
 # CIDR address: "Notice that that will not work with 'inconsistent' addresses
 # (where the bits outside the mask are not all 0, eg. 192.168.177.0/22)". My
@@ -24,7 +25,10 @@ AcceptEnv COLORTERM
 # 192.0.2.0/8 has a 2 which is 10 in binary which is a bit set "in" the CIDR /8
 # range, so it will not work. Just before that quote, it also gives an example
 # of 192.0.2.0/24 which should work. Not tested.
-AllowUsers gitolite@10.0.0.0/24
+#
+# My test shows `AllowUsers gitolite@localhost` does not work, so I use
+# 127.0.0.1 and ::1
+AllowUsers gitolite@10.0.0.0/24 gitolite@127.0.0.1 gitolite@::1
 
 # Include drop-in configurations
 Include /etc/ssh/sshd_config.d/*.conf
-- 
cgit v1.2.3-70-g09d2