Re: restrict root access for one particular ip in SSH



The public key is a great idea. I also add command="/root/validate"
with validate being a script that checks some stuff before passing
it on. I basically use this to rsync a couple of directories which
must be done as root, but use the validate script to limit the
commands that can be executed. I think it could be adapted for what
you are talking about.

Let me know if you want more info and I'll send you the script and
some examples.

Rod

Christian Hammers said:
> Hello
>
> On 2005-11-08 Radhika wrote:
>>   In ssh I want to restrict root access for one particular IP. The main
>>   point is whoever logged in through one IP address only should have root
>>   access.
>
> One possible way:
> - allow everybody to login as normal user,
> - use "PermitRootLogin without-password" in /etc/ssh/sshd_config and
> - install the public key from the privileged user in
>   /root/.ssh/authorized_keys with the from="..." option (man sshd)
>
> bye,
>
> -christian-


-- 
Meddle not in the Affairs of Dragons
    for thou art crunchy, and good with catsup.
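
One way a forced-command validator such as the `/root/validate` mentioned above could limit a root key to rsync, combined with the `from="..."` option from the quoted reply. This is an added example, not Rod's script; the client address, the allowed directories and the option whitelist are assumptions.

```shell
#!/bin/sh
# Added example (not the script from this thread). Assumed authorized_keys entry,
# with a constructed address and a placeholder key:
#   from="192.0.2.10",command="/root/validate",no-pty,no-port-forwarding,no-agent-forwarding <public-key>

ALLOWED_DIRS="/srv/backup/ /var/www/"   # constructed sample values; keep the trailing slash

# is_allowed CMD: return 0 only for "rsync --server [flags] . PATH" with PATH in ALLOWED_DIRS
is_allowed() {
    set -f; set -- $1; set +f           # split into words without globbing; nothing is eval'd
    [ "$#" -ge 4 ] && [ "$1" = rsync ] && [ "$2" = --server ] || return 1
    shift 2
    while [ "$#" -gt 2 ]; do            # everything before ". PATH" must be a plain flag
        case $1 in -*) ;; *) return 1 ;; esac
        # no "=" or "/" here, so flags that carry a file name are refused
        case $1 in *[!A-Za-z0-9.-]*) return 1 ;; esac
        shift
    done
    [ "$1" = . ] || return 1            # rsync puts "." before the path on the server side
    path=$2
    # refuse shell metacharacters and parent-directory traversal in the path
    case $path in *[!A-Za-z0-9./_-]*|*..*) return 1 ;; esac
    for dir in $ALLOWED_DIRS; do
        case $path in "$dir"*) return 0 ;; esac
    done
    return 1
}

main() {
    if is_allowed "${SSH_ORIGINAL_COMMAND:-}"; then
        logger -p auth.info -t validate "allow: $SSH_ORIGINAL_COMMAND"
        set -f
        exec $SSH_ORIGINAL_COMMAND      # word-split only, never passed through a shell
    fi
    # sshd sets SSH_CLIENT to "address port port"; log the address of the rejected caller
    logger -p auth.warning -t validate \
        "deny from ${SSH_CLIENT%% *}: ${SSH_ORIGINAL_COMMAND:-<interactive login>}"
    echo "command rejected" >&2
    exit 1
}

# Enforce only when installed under the name used in authorized_keys
case ${0##*/} in validate) main ;; esac
```

The prefix check does not resolve symlinks, so the allowed directories should not contain links that lead outside them.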