[CentOS] On SSH
Rodrigo Barbosa
rodrigob at suespammers.org
Tue May 31 17:17:43 UTC 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, May 31, 2005 at 11:45:44AM +0200, Maciej ?enczykowski wrote:
> Hello,
>
> does anybody know how to achieve the following with SSH...
>
> a) accept RSA authentication for all but root from any IP
> b) accept RSA authentication for root from a couple IPs/Netmasks
> c) accept password authentication for all but root from a dozen Netmasks
> d) accept password authentication for root from 3 local netmasks only
>
> ie. make authentication depend on the USER,METHOD,CLIENT-IP triplet...
I don't think you can do all of that with just 1 instance of sshd.
You can, however, have more than one instance running, and use
iptables to redirect the connections based on the source IP address to
the correct instance (each one with a different port and config file).
Since sshd's footprint is very small, that should have no nasty
side effects.
[]s
- --
Rodrigo Barbosa <rodrigob at suespammers.org>
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCnJw3pdyWzQ5b5ckRAvoNAJ9ZV7W738hSbNIn7shakGQX+1OASQCdG5me
B/eP7ugGgdEg7m1SxAjiuCk=
=bkV9
-----END PGP SIGNATURE-----
More information about the CentOS
mailing list