Re: MAC-based ssh

To: debian-security@lists.debian.org
Subject: Re: MAC-based ssh
From: Thomas Krennwallner <djmaecki@ull.at>
Date: Fri, 2 May 2003 15:10:14 +0200
Message-id: <20030502131014.GA18195@ull.at>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <20030502123417.GB31628@net-track.ch>
References: <3EB247BC.6080600@hanz.nl> <20030502123417.GB31628@net-track.ch>

On Fri May 02, 2003 at 02:34:17PM +0200, Oliver Hitz wrote:
> On 02 May 2003, Hans van Leeuwen wrote:
> > I have decided to do this thrue SSH by putting the client key in 
> > authorized_keys2. But this seems a little risky, so I was wondering if 
> > it was possible to get sshd to only allow the client MAC-address.
> 
[...]
> It is also possible to further restrict this connection. Something
> like
> 
>   command="/etc/init.d/bind restart",from="..." ssh-rsa ...
> 
> will restart bind for every such connection without giving the user
> any other possibilities. Check sshd(8) for more options.

Better for an unprivileged user:
command="sudo /etc/init.d/bind restart",from="..." ssh-rsa ...

so long
Thomas

-- 
 .''`.  Obviously we do not want to leave zombies around. - W. R. Stevens
: :'  : Thomas Krennwallner <djmaecki at ull dot at>
`. `'`  1024D/67A1DA7B 9484 D99D 2E1E 4E02 5446  DAD9 FF58 4E59 67A1 DA7B
  `-    http://bigfish.ull.at/~djmaecki/

Reply to:

References:
- MAC-based ssh
  - From: Hans van Leeuwen <email@hanz.nl>
- Re: MAC-based ssh
  - From: Oliver Hitz <oliver@net-track.ch>

Prev by Date: Re: Woody security updates
Next by Date: Re: mgetty vulnerable
Previous by thread: Re: MAC-based ssh
Next by thread: Re: MAC-based ssh
Index(es):
- Date
- Thread