mailto428496 wrote: > > Couldn't you use hostbased authentication for client machines and > > publickey for users? > > That had occurred to me, but in our case users sometimes connect from > shared systems that are outside of our direct control and we would like > to control pubkey client access on a per user basis rather than per machine. Hostbased authentication can use per-user host keys. Or maybe I don't understand your point? Hostbased auth can consider both system-wide (on server) public host keys (for client hosts) as well as per-user (on server) public host keys (for client hosts). In addition to hostbased, publickey authentication then requires the user to also authenticate themselves to the server, as usual. Now, I don't think there is a hook for host public keys like there is for user public keys, but maybe you can use it anyway? //Peter _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
