Re: Finer grain control of SSH access

On May 27, 2004 05:05 am, Reuben D. Budiardja wrote:
> Hello,
> I am wondering if someone can help me on how to achieve the following.
>
> 1. I use tcp wrapper with SSH (/etc/hosts.allow & hosts.deny). I have
> policy for our server that only access from my domain (.utk.edu domain) is
> allowed. But we also have several exceptions for people who are outside this
> domain, so I add that domain to /etc/hosts.allow. What I really want
> though, is if I can restrict it so that only a certain username can SSH to the
> server from this remote domain. So for example, if I add .comcast.net
> domain to /etc/hosts.allow, I want to restrict it further to: "only
> username 'the-boss' can SSH to this machine from comcast.net". Is there any
> way to do that at all ?
>
> 2. Public-key login: I want to disable public-key login, and I know how to
> do that. However, there are certain cases where we want to allow public-key
> login, eg. for automated backup, running parallel jobs in beowulf cluster.
> So I am wondering if there's a way to disable public-key login in general,
> but allow public-key login from a very restrictive set of IPs, e.g.: disable
> public-key login, except from IP 10.0.0.0/250 (local network)
>
> Any help on how to do any of those would be greatly appreciated.
>
> Thanks in advance.
> RDB
> --
> Reuben D. Budiardja
> Department of Physics and Astronomy
> The University of Tennessee, Knoxville, TN
> ---------------------------------------------------------
> "To be a nemesis, you have to actively try to destroy
> something, don't you? Really, I'm not out to destroy
> Microsoft. That will just be a completely unintentional
> side effect."
>                  - Linus Torvalds -


Hi,
It looks like Ed and Matthew pretty much covered it, but in case you want more 
info, I have a couple docs on restricted ssh access etc. at:  
http://nesbitt.yi.org/howto.shtml

-- 
Pete Nesbitt, rhce

