[Gllug] Restricting ssh public key access
Andy McGarty
andy at mcgarty.net
Thu Aug 1 14:37:47 UTC 2002
>
> Public key authentication for ssh is all well and good, but it means
> your level of vulnerability is governed by the security of your
> clients, not by the server. Obviously, this is fine for machines under
> my control. But we need to give customers access, and I don't trust
> their clients, so I want a way of disabling public key access for all
> but a few trusted IP addresses. Is this possible? I'm using openssh.
>
> I know I can do it with "from=" lines in the authorized_keys file.
> However, that file is under the users' control, so it's trivial for
> them to bypass. I want something that I can set as an administrator,
> on a global basis. Any ideas?
>
Can you use wrappers? Or rules in your firewall?
Andy
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list