[Gllug] Restricting ssh public key access

Andy McGarty andy at mcgarty.net
Thu Aug 1 14:37:47 UTC 2002


> 
> Public key authentication for ssh is all well and good, but it means
> your level of vulnerability is governed by the security of your
> clients, not by the server. Obviously, this is fine for machines under
> my control. But we need to give customers access, and I don't trust
> their clients, so I want a way of disabling public key access for all
> but a few trusted IP addresses. Is this possible? I'm using openssh.
> 
> I know I can do it with "from=" lines in the authorized_keys file.
> However, that file is under the users' control, so it's trivial for
> them to bypass. I want something that I can set as an administrator,
> on a global basis. Any ideas?
> 
Can you use wrappers?  Or rules in your firewall?

Andy



-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug




More information about the GLLUG mailing list