[TriLUG] how do I limit log on off Id to three IP address
Aaron S. Joyner
aaron at joyner.ws
Wed Feb 11 00:08:13 EST 2004
One way that comes immediately to mind is to require the user to auth
via certificate, and then set up an RSA or DSA key for the user. Put a
from="1.2.3.4, 5.6.7.8, 12.23.34.45" <rest of the key> in the
.ssh/authorized_hosts2 file, which will allow him to connect, but only
from those IPs. Don't give that user access via standard password
authentication (i.e. change his password to null or to something the
user doesn't know). He will have to auth with the certificate, which
will only be accepted from those IP addresses. Note: Make sure he
doesn't have write access to the .ssh/authorized_keys2 file.

Another way would be to wrap up ssh in tcp wrappers via inetd - but
that's messy, and only logical if that user is the only user who will
authenticate via ssh (rather unlikely).

For more details on setting up public key auth, consult the man pages
for sshd and ssh-keygen, or ask again if more info is required.

Aaron J.

Ralph Blach wrote:
> I am running a Linux server, and I want to limit a logon ID to
> three IP addresses. Is there any way to do this with sshd?
>
> Thanks
>
> Chip
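
An added example, not part of the original message: a shell sketch that builds the from= entry described above in OpenSSH's authorized_keys format, lists key entries that lack a from= restriction, and checks the write-access caveat. The function names, the literal-addresses-only rule and the sample keys are assumptions made for this example.

```shell
#!/bin/sh
# Added illustration; function names and sample data are hypothetical.

# Build an authorized_keys entry limited to the given source addresses.
# $1 = comma-separated addresses or CIDR blocks, $2 = public key line.
# This sketch accepts literal addresses only (no spaces, names, wildcards).
restrict_key() {
    case $1 in
        ''|*[!0-9a-fA-F.:,/]*) echo "bad address list: $1" >&2; return 1 ;;
    esac
    printf 'from="%s" %s\n' "$1" "$2"
}

# Print the line number of every key entry whose options lack from="...".
audit_keys() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blanks
        {
            match($0, /(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9]+) AAAA/)
            opts = substr($0, 1, RSTART - 1)     # text before the key type
            if (opts !~ /^from="[^"]+"/ && opts !~ /,from="[^"]+"/) print NR
        }' "$1"
}

# Succeed only if the file is not owned by uid $2 and is not group- or
# world-writable, so that user cannot rewrite the file in place.
key_file_locked() {
    [ -f "$1" ] || return 2
    ls -ldn -- "$1" | awk -v uid="$2" '{
        ok = ($3 != uid) && substr($1, 6, 1) != "w" && substr($1, 9, 1) != "w"
        exit !ok
    }'
}

# Constructed sample: one restricted entry, one unrestricted entry.
demo=$(mktemp)
{
    restrict_key '1.2.3.4,5.6.7.8,12.23.34.45' 'ssh-rsa AAAAB3CONSTRUCTED chip@example'
    echo 'ssh-ed25519 AAAAC3CONSTRUCTED other@example'
} > "$demo"
echo "entries without from=: $(audit_keys "$demo")"
key_file_locked "$demo" "$(id -u)" || echo "owner can still rewrite $demo"
rm -f "$demo"
```

A user who owns the directory holding the file can still replace it, so one arrangement is to point sshd_config's AuthorizedKeysFile at a root-owned path such as /etc/ssh/authorized_keys/%u (a path chosen for this example).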