[nycbug-talk] Restricting OpenSSH by account/IP

Rick Aliwalas rick
Tue Mar 15 10:12:04 EST 2005


On Tue, 15 Mar 2005, Paul Dlug wrote:

> The problem I have is that I have a host open to the outside for SSH used by 
> various remote employees and people working from home. This same host has a 
> number of accounts that users SSH into from their desktops. Some of these 
> accounts are shared between users (yes this is bad!) so they have insecure 
> passwords.
>
> I would like to restrict the range of IPs that a specific account can 
> connect from. I can't seem to find a way to do this, PAM seems to only give 
> me a way to authorize a user to use SSH as a whole service, not by the IP 
> address.

If you're using ssh keys, you can prepend the pub keys w/ something like:

 	from="IP,IP,..."
or
 	from="*.foo.com,192.168.*,test.bar.com"

If you're using OpenBSD, you could use authpf.

-rick
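
Added example, not part of the original message: a small Python audit that reads an authorized_keys file, lists keys that carry no from= restriction, and evaluates a client host/IP against the from= pattern list in the style shown above. The sample file, key blobs and account comments are constructed; the matching is a simplified approximation of sshd's pattern rules (`*`, `?`, `!` negation) and does not handle CIDR entries.

```python
import re

# Constructed sample authorized_keys; key blobs are placeholders, not real keys.
SAMPLE = '''\
# shared build account
from="*.foo.com,192.168.*,test.bar.com" ssh-rsa AAAAB3PLACEHOLDER1 remote@home
ssh-rsa AAAAB3PLACEHOLDER2 shared@desktop
from="10.0.0.?,!10.0.0.9",no-pty ssh-rsa AAAAB3PLACEHOLDER3 ops@lan
'''

def split_entry(line):
    """Return (options, key_fields) for one line, or None for blanks/comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.startswith(("ssh-", "ecdsa-", "sk-")):   # no options field
        return "", line.split()
    in_quotes = False
    for i, ch in enumerate(line):                     # options end at first unquoted space
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == " " and not in_quotes:
            return line[:i], line[i + 1:].split()
    return line, []

def from_patterns(options):
    """Pattern list of the from= option, or None when the key is unrestricted."""
    m = re.search(r'(?:^|,)from="([^"]*)"', options)
    return m.group(1).split(",") if m else None

def glob_match(pattern, value):
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value, re.IGNORECASE) is not None

def source_allowed(patterns, host, ip):
    """Approximate sshd's rule: a negated match rejects, else any match accepts."""
    if patterns is None:
        return True
    hit = False
    for p in patterns:
        if any(glob_match(p.lstrip("!"), v) for v in (host, ip)):
            if p.startswith("!"):
                return False
            hit = True
    return hit

def unrestricted_keys(text):
    """Comments of keys that carry no from= restriction."""
    entries = filter(None, map(split_entry, text.splitlines()))
    return [f[-1] for opts, f in entries if f and from_patterns(opts) is None]

if __name__ == "__main__":
    print("keys usable from any address:", unrestricted_keys(SAMPLE))
```

Run it against each shared account's authorized_keys to find the keys that still need a from= prefix.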



