[Gllug] Restricting ssh public key access
Tom Gilbert
tom at linuxbrit.co.uk
Thu Aug 1 22:48:25 UTC 2002
* Tethys (tet at accucard.com) wrote:
>
> Public key authentication for ssh is all well and good, but it means
> your level of vulnerability is governed by the security of your
> clients, not by the server. Obviously, this is fine for machines under
> my control. But we need to give customers access, and I don't trust
> their clients, so I want a way of disabling public key access for all
> but a few trusted IP addresses. Is this possible? I'm using openssh.
Don't forget that if your clients boxes aren't considered "safe",
password auth is just as dangerous as public key access. i.e. if someone
can get sufficient access to swipe their private key, they can generally
snoop the password just as easily :/
Tom.
--
.^. .-------------------------------------------------------.
/V\ | Tom Gilbert, London, England | http://linuxbrit.co.uk |
/( )\ | Open Source/UNIX consultant | tom at linuxbrit.co.uk |
^^-^^ `-------------------------------------------------------'
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list