-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, May 31, 2005 at 11:45:44AM +0200, Maciej ?enczykowski wrote: > Hello, > > does anybody know how to achieve the following with SSH... > > a) accept RSA authentication for all but root from any IP > b) accept RSA authentication for root from a couple IPs/Netmasks > c) accept password authentication for all but root from a dozen Netmasks > d) accept password authentication for root from 3 local netmasks only > > ie. make authentication depend on the USER,METHOD,CLIENT-IP triplet... I don't think you can do all of that with just 1 instance of sshd. You can, however, have more than one instance running, and use iptables to redirect the connections based on the source IP address to the correct instance (each one with a different port and config file). Since sshd's footprint is very small, that should have no nasty side effects. []s - -- Rodrigo Barbosa <rodrigob@xxxxxxxxxxxxxxx> "Quid quid Latine dictum sit, altum viditur" "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) iD8DBQFCnJw3pdyWzQ5b5ckRAvoNAJ9ZV7W738hSbNIn7shakGQX+1OASQCdG5me B/eP7ugGgdEg7m1SxAjiuCk= =bkV9 -----END PGP SIGNATURE-----