
Re: Can a daemon listen only on some interfaces?



At 15:06 08.12.01, you wrote:


>I do want sshd to listen on all (0.0.0.0) but I would like to find a way
>to make it only accept connection attempts for a certain user from the
>internet but still allow several other users to connect from the LAN.  I
>do know how to make it accept connections for only certain users - by
>using the AllowUsers config item in /etc/ssh/sshd_config.  But this
>allows all the users specified, to connect on all interfaces ssh listens
>on, which is not what I want ideally.  What would be better, is to allow
>several from the LAN to connect but only one (me) from the internet.
>This doesn't seem possible from my reading so far.  Oh well.


If you log in with RSA key authentication, you can set the 'from' option in
the $HOME/.ssh/authorized_keys file.

$ man sshd
AUTHORIZED_KEYS FILE FORMAT
..
from="pattern-list"
         Specifies that in addition to RSA authentication, the canonical
         name of the remote host must be present in the comma-separated
         list of patterns (`*' and `?' serve as wildcards).  The list may
         also contain patterns negated by prefixing them with `!'; if the
         canonical host name matches a negated pattern, the key is not ac-
         cepted.  ....

I don't know how to manage it with password authentication, but keys are
more secure for internet connections anyway.

HTH

Jens
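
Added example (not part of the message above and not OpenSSH's own code): a small Python model of the from="pattern-list" rule quoted from the man page, useful for checking which hosts a given authorized_keys entry would accept before deploying it. The host names, key placeholders and function names are constructed for illustration; lowercasing host names before matching is an assumption of this sketch.

```python
import re

def pattern_to_regex(pattern):
    """Translate one pattern: only `*` and `?` are wildcards, the rest is literal."""
    parts = [".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern]
    return re.compile("".join(parts) + r"\Z", re.S)

def host_allowed(host, pattern_list):
    """Apply the pattern-list rule: any negated match rejects, else one positive match is needed."""
    host = host.lower()  # assumption: compare host names case-insensitively
    matched = False
    for raw in pattern_list.split(","):
        pat = raw.strip().lower()
        if not pat:
            continue
        negated = pat.startswith("!")
        if negated:
            pat = pat[1:]
        if pattern_to_regex(pat).match(host):
            if negated:
                return False  # a negated pattern that matches always wins
            matched = True
    return matched

def from_option(line):
    """Return the from= pattern-list of an authorized_keys line, or None if absent."""
    m = re.search(r'(?:^|,)from="([^"]*)"', line.strip())
    return m.group(1) if m else None

def key_usable(line, canonical_host):
    """True if the key on this line may be used from canonical_host."""
    patterns = from_option(line)
    return True if patterns is None else host_allowed(canonical_host, patterns)

# Constructed sample entries (key material replaced by placeholders).
# Each would live in that user's own $HOME/.ssh/authorized_keys.
LAN_USER_LINE = 'from="*.lan.example,!guest?.lan.example" ssh-rsa PLACEHOLDERKEY1 alice@lan'
ADMIN_LINE = 'ssh-rsa PLACEHOLDERKEY2 admin@anywhere'  # no from=: usable from any host

if __name__ == "__main__":
    for host in ("pc7.lan.example", "guest1.lan.example", "host.isp.example"):
        print(host, "lan-user:", key_usable(LAN_USER_LINE, host),
              "admin:", key_usable(ADMIN_LINE, host))
```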



