What I'm wondering is, how can I make it so a user+public key will only
authenticate if the connection is coming from a certain host?
i.e.: user joe can come from anywhere, pending they have joes.ppk
user jim can only come from 10.10.10.10/32 pending they have jims.ppk
Does your SSH server allow password authentication, or only public key
exchanges?
If your SSH server allows only key exchanges, you can modify/lock down
their authorized keys file as so:
from="allowed_host" ssh-rsa ......
If your SSH server allows other types of authentication you can use the
pam_access module as so:
Create a file with the following contents:
-:jim:ALL EXCEPT <authorized host(s)>
Add the line:
account required pam_access.so accessfile=</path/to/file/created/in/previous/step>
(above line must be a solid line, it should not wrap)
above other account restrictions in /etc/pam.d/sshd
As always when working with PAM, I recommend a backup of any file you will
be changing and 2 root logged in terminal sessions!
Good Luck!
Barry
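
An added example, not part of the original messages: a small Python check that reads authorized_keys lines and reports whether a given client address would satisfy each key's from= restriction, covering the joe (unrestricted) and jim (10.10.10.10/32) cases from the question. The function names and sample key lines are constructed for illustration, and the check assumes matching on the client IP address only (no reverse-DNS hostnames, no backslash-escaped quotes in option values).

```python
import fnmatch
import ipaddress

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")
# Constructed sample lines; the key blobs are placeholders, not real keys.
SAMPLE = (
    'ssh-rsa AAAAB3constructedJoe joe\n'
    'from="10.10.10.10/32" ssh-rsa AAAAB3constructedJim jim\n'
)

def split_unquoted(text, sep):
    """Split text on sep, ignoring separators inside double quotes."""
    parts, buf, quoted = [], [], False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        if ch == sep and not quoted:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return parts

def from_patterns(line):
    """Return the from= pattern list of a key line, or None if unrestricted."""
    first = split_unquoted(line.strip(), " ")[0]
    if first.startswith(KEY_TYPES):
        return None  # line starts with the key type: no options field
    for opt in split_unquoted(first, ","):
        name, _, value = opt.partition("=")
        if name.lower() == "from":
            return value.strip('"').split(",")
    return None

def source_allowed(patterns, addr):
    """Apply a from= pattern list (CIDR, wildcards, !negation) to an IP."""
    if patterns is None:
        return True
    ip, matched = ipaddress.ip_address(addr), False
    for pat in patterns:
        negate = pat.startswith("!")
        pat = pat[1:] if negate else pat
        if "/" in pat:
            hit = ip in ipaddress.ip_network(pat, strict=False)
        else:
            hit = fnmatch.fnmatchcase(addr, pat)
        if hit and negate:
            return False  # a negated match always rejects
        matched = matched or hit
    return matched

def audit(text, addr):
    """Map each key's trailing comment to whether addr may use that key."""
    lines = [l for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    return {l.split()[-1]: source_allowed(from_patterns(l), addr) for l in lines}
```

Running audit() over every user's authorized_keys file with an address outside the expected range shows which keys carry no from= restriction at all.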