Re: MAC-based ssh

To: debian-security@lists.debian.org
Subject: Re: MAC-based ssh
From: Oliver Hitz <oliver@net-track.ch>
Date: Fri, 2 May 2003 14:34:17 +0200
Message-id: <20030502123417.GB31628@net-track.ch>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <3EB247BC.6080600@hanz.nl>
References: <3EB247BC.6080600@hanz.nl>

On 02 May 2003, Hans van Leeuwen wrote:
> I have decided to do this thrue SSH by putting the client key in 
> authorized_keys2. But this seems a little risky, so I was wondering if 
> it was possible to get sshd to only allow the client MAC-address.

If these remote users always connect from the same IP address, then
you should put this into authorized_keys:

  from="hostname or ip" ssh-rsa ...public-key...

It is also possible to further restrict this connection. Something
like

  command="/etc/init.d/bind restart",from="..." ssh-rsa ...

will restart bind for every such connection without giving the user
any other possibilities. Check sshd(8) for more options.

Oliver

Reply to:

Follow-Ups:
- Re: MAC-based ssh
  - From: Thomas Krennwallner <djmaecki@ull.at>
- Re: MAC-based ssh
  - From: Hans van Leeuwen <email@hanz.nl>

References:
- MAC-based ssh
  - From: Hans van Leeuwen <email@hanz.nl>

Prev by Date: Re: MAC-based ssh
Next by Date: Re: sendmail + mailscanner
Previous by thread: Re: MAC-based ssh
Next by thread: Re: MAC-based ssh
Index(es):
- Date
- Thread