On Mon, Apr 10, 2017 at 12:04:58AM -0400, Tym Rehm wrote: > Hey all, New user here. > > I have a user "user1" that I want to allow a couple of different users > "userX and userY" to be allowed to ssh into "server1" and "server2", but > not both servers using ssh-keys. > > So as an example. UserX will ssh user1@server2 with ssh-key, but I don't > want userY to be able to successfully run the same command. > > I currently have userX and userY's public ssh-key attached to user1 and I > have created a HBAC rule to allow user1 to connect with ssh on both server1 > and server2. This is allowing user1 to connect to both servers fine, > without a password. It also is allowing users (X & Y) to ssh user1@server1 > and user1@server2. > > How can stop that to restrict userX to be able to ssh as user1 on server1, > but not server2? > > Do I need to do something with the keytabs or add the ssh-keys for userX to > the server1 host only?
I'm honestly not sure if I understand the problem well, but would it be helpful to add SSH keys to an ID view that is attached to one of the servers only? -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project