On Mon, Apr 10, 2017 at 12:04:58AM -0400, Tym Rehm wrote:
> Hey all, New user here.
> 
> I have a user "user1" that I want to allow a couple of different users
> "userX and userY" to be allowed to ssh into "server1" and "server2", but
> not both servers using ssh-keys.
> 
> So as an example. UserX will ssh user1@server2 with ssh-key, but I don't
> want userY to be able to successfully run the same command.
> 
> I currently have userX and userY's public ssh-key attached to user1 and I
> have created a HBAC rule to allow user1 to connect with ssh on both server1
> and server2. This is allowing user1 to connect to both servers fine,
> without a password. It also is allowing users (X & Y) to ssh user1@server1
> and user1@server2.
> 
> How can stop that to restrict userX to be able to ssh as user1 on server1,
> but not server2?
> 
> Do I need to do something with the keytabs or add the ssh-keys for userX to
> the server1 host only?

I'm honestly not sure if I understand the problem well, but would it be
helpful to add SSH keys to an ID view that is attached to one of the
servers only?

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to