[nycbug-talk] Restricting OpenSSH by account/IP
nomadlogic at gmail.com
Tue Mar 15 16:24:32 EST 2005
On Tue, 15 Mar 2005 16:17:30 -0500, Paul Dlug <paul at aps.org> wrote:
> On Mar 15, 2005, at 2:14 PM, pete wright wrote:
> > just because you are using key's doesn't mean that you don't have to
> > use a password. In fact it would probably be better to paasword
> > protect your key's. Unless I'm missing something....
> Yes the keys are protected by passphrase but by "password" I mean plain
> unix password authentication, not authentication with SSH keys. As far
> as I know you can't apply the IP access restrictions to the password
> authentication scheme, only the keys authentication.
hmmm...i see what you mean. I was under the assumtion that sshd would
pass on the auth. to what ever Unix authentication method you are
using (PAM, Kerberos or what ever). At least that is how it behaves
on my systems (and I believe that by default PAM is enabled in
OpenSSH), not sure how you have things setup though.
NYC's *BSD User Group
More information about the talk