Re: [TriLUG] how do I limit log on off Id to thre IP address

Aaron S. Joyner Tue, 10 Feb 2004 22:49:01 -0800

One way that comes immediately to mind is to require the user to auth via certificate, and then setup an RSA or DSA key for the user. Put a from="1.2.3.4, 5.6.7.8, 12.23.34.45" <rest of the key> in the .ssh/authorized_hosts2 file, which will allow him to connect, but only from those IPs. Don't give that user access via standard password authentication (i.e. change his password to null or to something the user doesn't know). He will have to auth with the certificate, which will only be accepted from those IP addresses. Note: Make sure he doesn't have write access to the .ssh/authorized_keys2 file.

Another way would be to wrap up ssh in tcp wrappers via inetd - but that's messy, and only logical if that user is the only user who will authenticate via ssh (rather unlikely).

For more details on setting up public key auth, consult the man pages for sshd and ssh-keygen, or ask again if more info is required.

Aaron J.

Ralph Blach wrote:

I am running an linux server, and I want to limit a logon  id to
three ip address. is there any way to do this with sshd?

Thank

Chip


--
TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ  : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc

Re: [TriLUG] how do I limit log on off Id to thre IP address

Reply via email to