[nycbug-talk] Restricting OpenSSH by account/IP

Marc Spitzer mspitzer
Tue Mar 15 10:37:43 EST 2005


On Tue, 15 Mar 2005 09:44:39 -0500, Paul Dlug <paul at aps.org> wrote:
> I'm wondering if anyone has a solution to this, I've been searching on
> and off for a while and can't seem to find anything..
> 
> The problem I have is that I have a host open to the outside for SSH
> used by various remote employees and people working from home. This
> same host has a number of accounts that users SSH into from their
> desktops. Some of these accounts are shared between users (yes this is
> bad!) so they have insecure passwords.
> 
> I would like to restrict the range of IP's that a specific account can
> connect from. I can't seem to find a way to do this, PAM seems to only
> give me a way to authorize a user to use SSH as a whole service, not by
> the IP address.

IPF, IPFW and PF come to mind.  

marc

> 
> Thanks,
> Paul
> 
> _______________________________________________
> % NYC*BUG talk mailing list
> http://lists.nycbug.org/mailman/listinfo/talk
> %Be sure to check out our Jobs and NYCBUG-announce lists
> %We meet the first Wednesday of the month
>




More information about the talk mailing list