Re: MAC-based ssh
On 02 May 2003, Hans van Leeuwen wrote:
> I have decided to do this thrue SSH by putting the client key in
> authorized_keys2. But this seems a little risky, so I was wondering if
> it was possible to get sshd to only allow the client MAC-address.
If these remote users always connect from the same IP address, then
you should put this into authorized_keys:
from="hostname or ip" ssh-rsa ...public-key...
It is also possible to further restrict this connection. Something
like
command="/etc/init.d/bind restart",from="..." ssh-rsa ...
will restart bind for every such connection without giving the user
any other possibilities. Check sshd(8) for more options.
Oliver
Reply to: