Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: User at host

from [Barry Brimer] Network Security [Permanent Link]
Subject: Re: User at host
Date: Wed, 15 Nov 2006 21:36:08 -0600 (CST) 
What im wondering is, how can i make it so a user+public key will only
authenticate if the connection is coming from a certain host?

ie: user joe can come from anywhere, pending they have joes.ppk

user jim can only come from 10.10.10.10/32 pending they have jims.ppk

Does your SSH server allow password authentication, or only public key exchanges?

If your SSH server allows only key exchanges, you can modify/lock down their authorized keys file as so:

from="allowed_host" ssh-rsa ......

If your SSH server allows other types of authentication you can use the pam_access module as so:

Create a file with the following contents:

-:jim:ALL EXCEPT <authorized host(s)>

Add the line: "account     required      pam_access.so 
accessfile=</path/to/file/created/in/previous/step>

(above line must be a solid line, it should not wrap)

above other account restrictions in /etc/pam.d/sshd

As always when working with PAM, I recommend a backup of any file you will be changing and 2 root logged in terminal sessions!

Good Luck!

Barry

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • User at host, MR James Edward Stickland
    • Re: User at host, Barry Brimer <=
Previous by Date:  Tunnel goes haywire, Greg Bell
Next by Date:  Re: Scp & sftp with no shell access or restricted access, Johan Swensson
Previous by Thread:  User at host, MR James Edward Stickland
Next by Thread:  SSH Port Forwarding and X11 Question !, Karun
Indexes:  [Date] [Thread] [Top] [All Lists]