
Re: MAC-based ssh



Hans van Leeuwen <email@hanz.nl> wrote:
> Hello,
> 
> My company has created an application that allows remote users to edit 
> their DNS-records. This app needs to restart bind on the remote nameservers.

This is a poor way to do dynamic DNS.

> I have decided to do this through SSH by putting the client key in 
> authorized_keys2. But this seems a little risky, so I was wondering if 
> it was possible to get sshd to only allow the client MAC-address.

I think you're probably trying to solve the wrong problem here, but you
can add a "command=/usr/bin/dowhatever" directive to the line for your
key in authorized_keys, and when that key is used to log in, that's the
command that gets run. This will reduce your risk somewhat.
-- 
Sam "Eddie" Couter  |  mailto:sam@couter.dropbear.id.au
Debian Developer    |  mailto:eddie@debian.org
                    |  jabber:sam@teknohaus.dyndns.org
OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 03AE DE89 C75C
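
The forced-command approach suggested above, sketched as an added example that is not part of the original message: a wrapper named in `command="..."` that treats the client's request as untrusted input and allows only fixed actions. The wrapper path, the request names `dns-reload` and `dns-status`, the `rndc` location and the key placeholder are assumptions.

```shell
#!/bin/sh
# Forced-command wrapper (added example, not from the original message).
# Hypothetical install path: /usr/local/sbin/dns-reload-wrapper
#
# authorized_keys entry on the nameserver (one line; key material is a placeholder):
#   command="/usr/local/sbin/dns-reload-wrapper",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 <PUBLIC-KEY-PLACEHOLDER> dns-app
#
# sshd runs this script for every login with that key, whatever the client
# asked for. The client's request arrives in SSH_ORIGINAL_COMMAND and is
# only ever compared against a fixed list, never executed.

RNDC="${RNDC:-/usr/sbin/rndc}"   # assumed location of BIND's control tool

# Map a client request to the single rndc subcommand it may trigger.
# Prints the subcommand and returns 0, or prints nothing and returns 1.
resolve_request() {
    case "$1" in
        dns-reload) printf '%s\n' reload ;;
        dns-status) printf '%s\n' status ;;
        *)          return 1 ;;   # empty, unknown, or anything with extra text
    esac
}

# Handle one login: run the allowed action, or refuse and log the attempt.
handle_login() {
    request="${SSH_ORIGINAL_COMMAND:-}"
    peer="${SSH_CONNECTION%% *}"          # client address as seen by sshd
    if sub=$(resolve_request "$request"); then
        logger -t dns-reload-wrapper "allowed '$request' from $peer"
        exec "$RNDC" "$sub"
    fi
    # The refused request text is deliberately not logged verbatim.
    logger -t dns-reload-wrapper "refused request from $peer"
    echo "request not permitted" >&2
    return 1
}

# Only act when started by sshd, which sets SSH_CONNECTION for SSH sessions.
if [ -n "${SSH_CONNECTION:-}" ]; then
    handle_login
    exit $?
fi
```

With this in place the key can trigger `rndc reload` or `rndc status` and nothing else, and refused attempts show up in syslog under the `dns-reload-wrapper` tag.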
