Re: MAC-based ssh

To: debian-security@lists.debian.org
Subject: Re: MAC-based ssh
From: Peter Ondraska <ondraska@dcs.fmph.uniba.sk>
Date: Fri, 2 May 2003 18:20:58 +0200 (MET DST)
Message-id: <Pine.3.89.10305021826.B24568-0100000@beta.dcs.fmph.uniba.sk>
In-reply-to: <20030502154953.GA2472@ip3inc.com>


On Fri, 2 May 2003, Phillip Hofmeister wrote:

> On Fri, 02 May 2003 at 12:26:04PM +0200, Hans van Leeuwen wrote:
> > I have decided to do this thrue SSH by putting the client key in 
> > authorized_keys2. But this seems a little risky, so I was wondering if 
> > it was possible to get sshd to only allow the client MAC-address.
> 
> SSHD cannot do what you are asking it to do, in fact I don't think there
> are many TCP/IP Applications that can.  The MAC address is WELL below
> the layer 5,6,7 that most internet applications reside in.
> 
Doesn't TCP/IP have only at most 4 layers?

Peter Ondraska

> Many applications can pick up layer 3 and 4 data (IP Address and port)
> but the layer 2 information (MAC) is usually only a concern for the O/S
> Kernel.
> 
> Some of the other options discussed in this thread might be a better
> solution.
> 
> -- 
> Phillip Hofmeister
> Network Administrator/Systems Engineer
> IP3 Inc.
> http://www.ip3security.com
> 
> PGP/GPG Key:
> http://www.zionlth.org/~plhofmei/
> wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
> --
> Excuse #163: RPC_PMAP_FAILURE 
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 
>

Reply to:

Follow-Ups:
- [OT] TCP/IP and OSI (Was: Re: MAC-based ssh)
  - From: Phillip Hofmeister <plhofmei@ip3inc.com>

References:
- Re: MAC-based ssh
  - From: Phillip Hofmeister <plhofmei@ip3inc.com>

Prev by Date: Re: MAC-based ssh
Next by Date: Security Audit tools
Previous by thread: Re: MAC-based ssh
Next by thread: [OT] TCP/IP and OSI (Was: Re: MAC-based ssh)
Index(es):
- Date
- Thread