Finer grain control of SSH access
From: Reuben D. Budiardja (techlist_at_voyager.phys.utk.edu)
Date: 05/27/04
- Previous message: Carlos Antonio Gomez: "Re: How to add service on system reboot"
- Next in thread: Ed Wilts: "Re: Finer grain control of SSH access"
- Reply: Ed Wilts: "Re: Finer grain control of SSH access"
- Reply: Matthew Melvin: "Re: Finer grain control of SSH access"
- Reply: Pete Nesbitt: "Re: Finer grain control of SSH access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: redhat-list@redhat.com Date: Thu, 27 May 2004 08:05:59 -0400
Hello,
I am wondering if someone can help me on how to achieve the following.
1. I use tcp wrapper with SSH (/etc/hosts.allow & hosts.deny). I have policy
for our server that only access from my domain (.utk.edu domain) is allowed.
But we also have several exceptions for people who is outside this domain, so
I add that domain to /etc/hosts.allow. What I really want though, is If I can
restrict that only certain username can SSH to the server from this remote
domain. So for example, if I add .comcast.net domain to /etc/hosts.allow, I
want to restrict it further to: "only username 'the-boss' can SSH to this
machine from comcast.net". Is there any way to do that at all ?
2. Public-key login: I want to disable public-key login, and I know how to do
that. However, there are certain cases where we want to allow public-key
login, eg. for automated backup, running parallel jobs in beowulf cluster. So
I am wondering if there's a way to disable public-key login in general, but
allow public-key login from a very restrictive set of IP, eg: disable
public-key login, except from IP 10.0.0.0/250 (local network)
Any help on how to do any of those would be greatly appreciated.
Thanks in advance.
RDB
--
Reuben D. Budiardja
Department of Physics and Astronomy
The University of Tennessee, Knoxville, TN
---------------------------------------------------------
"To be a nemesis, you have to actively try to destroy
something, don't you? Really, I'm not out to destroy
Microsoft. That will just be a completely unintentional
side effect."
- Linus Torvalds -
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
- Previous message: Carlos Antonio Gomez: "Re: How to add service on system reboot"
- Next in thread: Ed Wilts: "Re: Finer grain control of SSH access"
- Reply: Ed Wilts: "Re: Finer grain control of SSH access"
- Reply: Matthew Melvin: "Re: Finer grain control of SSH access"
- Reply: Pete Nesbitt: "Re: Finer grain control of SSH access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
