Hey.
Perhaps someone can help me with the following (OpenSSH 6.7):
I have a host reachable via miscellaneous interfaces (and network
addresses) running SSH.
Some specific users should be only reachable from the inside, so e.g.
though something like this would do the job in sshd_config:
#general config
#...
Match User foo LocalAddress 10.0.0.1,fe80:abba::0
PasswordAuthentication no
KbdInteractiveAuthentication no
RhostsRSAAuthentication no
HostbasedAuthentication no
KerberosAuthentication no
GSSAPIAuthentication no
RSAAuthentication no
PubkeyAuthentication yes
Match User foo LocalAddress !10.0.0.1,!fe80:abba::0
PasswordAuthentication no
KbdInteractiveAuthentication no
RhostsRSAAuthentication no
HostbasedAuthentication no
KerberosAuthentication no
GSSAPIAuthentication no
RSAAuthentication no
PubkeyAuthentication no
But apparently it never goes into the negative matching block :-(
Also, it seems that hostnames can generally not be used with
LocalAddress,.. is this expected? Cause that would be kinda nice.
Thanks,
Chris.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
