[Gllug] Restricting ssh public key access
Tethys
tet at accucard.com
Thu Aug 1 14:27:44 UTC 2002
Public key authentication for ssh is all well and good, but it means
your level of vulnerability is governed by the security of your
clients, not by the server. Obviously, this is fine for machines under
my control. But we need to give customers access, and I don't trust
their clients, so I want a way of disabling public key access for all
but a few trusted IP addresses. Is this possible? I'm using openssh.
I know I can do it with "from=" lines in the authorized_keys file.
However, that file is under the users' control, so it's trivial for
them to bypass. I want something that I can set as an administrator,
on a global basis. Any ideas?
Tet
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list