Re: authentication in ssh

[Adam ENDRODI <borso@vekoll.saturnus.vein.hu>]

First off, thank all of you for your replies.  Since I was unable
to find a standard way to achieve what I wanted, I've developed a
set of patches for OpenSSH 3.7.1p1.  The patch adds a new
configuration option, by which you can define what authentication
methods are available for a given <user|group, host> twin.
Unfortunately, I will only work for protocol versions 1.99 and
above.  If you're interested, just drop me an e-mail.

On Wed, Nov 12, 2003 at 10:23:08AM -0600, David Ehle wrote:
> 
> Hmm, just occured to me that you could do the following, though I think it
> would be considered a kludge.  Run 2 sshd daemons on different ports.  On

I think I'll choose this approach in the long run anyway.  Having a
separated daemon for the powerusers (including me in this context)
seems reasonable, so that I won't be locked out if the "public"
sshd gets DoSed somehow.

> This would mean however that you power users would need to custom
> configure their ssh clients to talk to your oddball port. Kind of
> inconvenient...

Packet filters are more of my concerns.  Probably a few REDIRECT
rules will be needed.

bit,
adam

-- 
1024D/37B8D989 954B 998A E5F5 BA2A 3622  82DD 54C2 843D 37B8 D989      
finger://borso@vekoll.vein.hu | Some days, my soul's confined
http://www.keyserver.net | And out of mind
Sleep forever