Hey all, New user here.

I have a user "user1" that I want to allow a couple of different users
"userX and userY" to be allowed to ssh into "server1" and "server2", but
not both servers using ssh-keys.

So as an example. UserX will ssh user1@server2 with ssh-key, but I don't
want userY to be able to successfully run the same command.

I currently have userX and userY's public ssh-key attached to user1 and I
have created a HBAC rule to allow user1 to connect with ssh on both server1
and server2. This is allowing user1 to connect to both servers fine,
without a password. It also is allowing users (X & Y) to ssh user1@server1
and user1@server2.

How can stop that to restrict userX to be able to ssh as user1 on server1,
but not server2?

Do I need to do something with the keytabs or add the ssh-keys for userX to
the server1 host only?

Sorry if this is confusing and thank you for your help on this.

Do not meddle in the affairs of dragons cause you are crunchy and good with
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to