
Re: MAC-based ssh



did you consider just blocking other mac-addresses through iptables?

but... i don't know what you are doing there, but are you sure you
want to grant every user ssh access?
i assume you need to be root for this? how are you going to solve it
over ssh? and how do you prevent users from just shutting down your
bind?
i would suggest using a web interface, for example with php, which
puts commands into a database, or something similar (perhaps a text
file could do it, too) and then run a cronjob, let's say, every 10
mins with a script that restarts bind.


HvL> Hello,

HvL> My company has created an application that allows remote users to edit 
HvL> their DNS-records. This app needs to restart bind on the remote nameservers.

HvL> I have decided to do this through SSH by putting the client key in 
HvL> authorized_keys2. But this seems a little risky, so I was wondering if 
HvL> it was possible to get sshd to only allow the client MAC-address.

HvL> I've looked around, but for some reason search-engines tend to send me 
HvL> to www.apple.com ;-)
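
The cron half of the design suggested in the reply above, as an added example that is not part of the original thread: the web interface only creates a flag file, and a root cron job decides what runs. The flag path, the install path and the `rndc reload` default are assumptions; substitute whatever restarts bind on your system.

```shell
#!/bin/sh
# Added example (not from the thread): the cron side of the suggested design.
# Assumed names: REQUEST_FILE is a flag file the web interface creates when a
# restart is wanted; RESTART_CMD is set by the admin, never by the web side.
REQUEST_FILE="${REQUEST_FILE:-/var/spool/dnsadmin/restart.request}"
RESTART_CMD="${RESTART_CMD:-rndc reload}"

# Returns 0 = bind restarted, 1 = nothing pending,
#         2 = suspicious request file, 3 = restart failed (request re-queued).
process_restart_request() {
    req="$1"
    # Only a plain file counts as a request; a symlink, directory or fifo
    # in its place is reported and left for the admin to look at.
    if [ -L "$req" ] || { [ -e "$req" ] && [ ! -f "$req" ]; }; then
        echo "refusing request path that is not a regular file: $req" >&2
        return 2
    fi
    [ -f "$req" ] || return 1
    # Clear the flag before restarting, so a request that arrives while the
    # restart is running is kept for the next cron run. The file's content
    # is never read or executed: the web side can only ask, not say what runs.
    rm -f -- "$req" || return 2
    if ! $RESTART_CMD; then
        : > "$req"    # put the request back so the next run retries
        return 3
    fi
    return 0
}

# crontab entry (hypothetical install path), every 10 minutes as in the mail:
#   */10 * * * * /usr/local/sbin/bind-restart-poll run
if [ "${1:-}" = "run" ]; then
    process_restart_request "$REQUEST_FILE"
fi
```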


