On SSH




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, May 31, 2005 at 11:45:44AM +0200, Maciej Żenczykowski wrote:
> Hello,
> 
> does anybody know how to achieve the following with SSH...
> 
>    a) accept RSA authentication for all but root from any IP
>    b) accept RSA authentication for root from a couple IPs/Netmasks
>    c) accept password authentication for all but root from a dozen Netmasks
>    d) accept password authentication for root from 3 local netmasks only
> 
> ie. make authentication depend on the USER,METHOD,CLIENT-IP triplet...

I don't think you can do all of that with just 1 instance of sshd.
You can, however, have more than one instance running, and use
iptables to redirect the connections based on the source IP address to
the correct instance (each one with a different port and config file).

Since sshd's footprint is very small, that should have no nasty
side effects.

[]s

- -- 
Rodrigo Barbosa <rodrigob@xxxxxxxxxxxxxxx>
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCnJw3pdyWzQ5b5ckRAvoNAJ9ZV7W738hSbNIn7shakGQX+1OASQCdG5me
B/eP7ugGgdEg7m1SxAjiuCk=
=bkV9
-----END PGP SIGNATURE-----
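
The multi-instance layout suggested in the reply above, as an added example that is not part of the original message: a script that prints one sshd_config per instance and the iptables rules that pick the instance by source address. The ports 2222-2224, the networks and the config file names are constructed assumptions; the script only prints, it applies nothing.

```shell
#!/bin/sh
# Constructed policy, one sshd instance per line:
#   port  PermitRootLogin  PasswordAuthentication  source nets ("-" = default)
# Ports, networks and file names are illustrative assumptions.
# Most privileged class first: REDIRECT ends traversal at the first match.
policy() {
cat <<'EOF'
2224 yes yes 10.0.1.0/24,10.0.2.0/24
2223 without-password no 192.0.2.0/28
2222 no yes 198.51.100.0/24
22 no no -
EOF
}

# Print the sshd_config for the instance listening on port $1.
sshd_config_for() {
    policy | while read -r port root pw nets; do
        [ "$port" = "$1" ] || continue
        echo "Port $port"
        echo "PidFile /var/run/sshd-$port.pid"
        echo "PubkeyAuthentication yes"
        echo "PermitRootLogin $root"        # without-password = key only
        echo "PasswordAuthentication $pw"
        # keep keyboard-interactive from acting as a second password path
        echo "ChallengeResponseAuthentication no"
    done
}

# Print the iptables commands that steer port 22 by source address.
firewall_rules() {
    policy | while read -r port root pw nets; do
        [ "$nets" != "-" ] || continue
        for net in $(echo "$nets" | tr ',' ' '); do
            echo "iptables -t nat -A PREROUTING -p tcp -s $net --dport 22 -j REDIRECT --to-ports $port"
            # filter/INPUT sees the rewritten port: admit only the same net
            echo "iptables -A INPUT -p tcp -s $net --dport $port -j ACCEPT"
        done
    done
    # anyone else dialing an alternate port directly is dropped
    echo "iptables -A INPUT -p tcp --dport 2222:2224 -j DROP"
}

# Stand-alone run: show every generated file and rule (nothing is applied).
for p in 22 2222 2223 2224; do
    echo "# --- /etc/ssh/sshd_config.$p (start with: sshd -f <this file>)"
    sshd_config_for "$p"
done
firewall_rules
```

Sources that match no redirect rule stay on the port 22 instance, which accepts keys only and refuses root. The INPUT rules matter as much as the redirects: without them the more permissive instances would be reachable by connecting to their ports directly.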
