[Gllug] Restricting ssh public key access
Jason Clifford
jason at ukpost.com
Thu Aug 1 14:52:28 UTC 2002
On Thu, 1 Aug 2002, Jason Clifford wrote:
> > I want them to be able to log in from anywhere,
> > just if they're not coming from an approved source, then they have to
> > use password authentication, rather than public key authentication.
>
> You can certainly disallow public key authentication on a global basis. I
> don't think you can selectively apply the option though :(
Bad form replying to my own post I know however this peaked my interest a
little so I read the man page ;)
You can specify, on the server in the Authorised Keys File (which you can
specify to be different from the usual location using AuthorizedKeysFile)
options for each each including a "from" option that allows you to limit
access by host among other things.
While this wont allow you to limit such connections by user, you can at
least minimise the risk involved and this may be enough if you need to
offer public key auth.
Jason Clifford
--
UKPOST.COM get your @ukpost.com address now...
http://www.ukpost.com/ professional hosting and colocation
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list