[nycbug-talk] Restricting OpenSSH by account/IP
mspitzer at gmail.com
Tue Mar 15 10:37:43 EST 2005
On Tue, 15 Mar 2005 09:44:39 -0500, Paul Dlug <paul at aps.org> wrote:
> I'm wondering if anyone has a solution to this, I've been searching on
> and off for a while and can't seem to find anything..
> The problem I have is that I have a host open to the outside for SSH
> used by various remote employees and people working from home. This
> same host has a number of accounts that users SSH into from their
> desktops. Some of these accounts are shared between users (yes this is
> bad!) so they have insecure passwords.
> I would like to restrict the range of IP's that a specific account can
> connect from. I can't seem to find a way to do this, PAM seems to only
> give me a way to authorize a user to use SSH as a whole service, not by
> the IP address.
IPF, IPFW and PF come to mind.
> % NYC*BUG talk mailing list
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month
More information about the talk