[nycbug-talk] Restricting OpenSSH by account/IP

steverieger steve
Tue Mar 15 16:57:23 EST 2005




On 3/15/05 4:24 PM, "pete wright" <nomadlogic at gmail.com> wrote:

> On Tue, 15 Mar 2005 16:17:30 -0500, Paul Dlug <paul at aps.org> wrote:
>> 
>> On Mar 15, 2005, at 2:14 PM, pete wright wrote:
> 
> 
> hmmm...i see what you mean.  I was under the assumtion that sshd would
> pass on the auth. to what ever Unix authentication method you are
> using (PAM, Kerberos or what ever).  At least that is how it behaves
> on my systems (and I believe that by default PAM is enabled in
> OpenSSH), not sure how you have things setup though.
> 
> -p
> 
May I propose the following


Use ldap for ssh authentication and only allow ssh to listen to one ip
address. 


Or perhaps I am missing something here.






More information about the talk mailing list