restricting originating IP per user

From: Robert (robert@robert.net)
Date: 12/02/02

    From: Robert <robert@robert.net>
    To: secureshell@securityfocus.com
    Date: Mon, 2 Dec 2002 16:02:55 +0000
    
    


    > What I want is to restrict one user's account to only be able to ssh in
    > from a certain IP. That way, if someone got her password/passphrase,
    > they wouldn't be able to access the server from any other location.

    Use the options available in the authorized_keys file. For example:

    from="101.202.99.1" 1024 35 124482811179327377929246[..rest of key..]

    That limits this key to only be allowed from the specified IP address.
    Only useful for single IP numbers (you CAN duplicate a key in the
    authorized_keys file and put a different IP number in for the second
    instance of the same key, but clumsy for anything more complex than that
    and may not work in ALL implementations).

    Robert Baskerville

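To check which keys in an authorized_keys file actually carry the from= restriction described in the reply above, the following added example (not part of the original post) parses each entry's option field and reports its source-address patterns. The function names, the sample file and its placeholder key material are constructed for illustration.

```python
import re

# Constructed sample authorized_keys content; key material is placeholder text.
# Line 3 uses OpenSSH's comma-separated pattern-list form of from=.
SAMPLE = r'''# constructed sample
from="101.202.99.1" 1024 35 123456789 user@legacy
from="101.202.99.1,101.202.99.2",no-pty ssh-ed25519 AAAAplaceholder alice@laptop
command="echo \"hi, there\"" ssh-rsa AAAAplaceholder backup@host
ssh-ed25519 AAAAplaceholder bob@anywhere
'''

# A first field that is a key type (or an SSH1 bit count) means "no options".
KEY_START = re.compile(r'^(\d+$|ssh-|ecdsa-|sk-)')

def split_unquoted(text, seps):
    """Split text at separators outside double quotes; \\" inside quotes is literal."""
    parts, buf, quoted, i = [], [], False, 0
    while i < len(text):
        c = text[i]
        if quoted and c == "\\" and text[i + 1:i + 2] == '"':
            buf.append('\\"'); i += 2; continue
        if c == '"':
            quoted = not quoted
        if c in seps and not quoted:
            parts.append("".join(buf)); buf = []
        else:
            buf.append(c)
        i += 1
    parts.append("".join(buf))
    return parts

def parse_line(line):
    """Return (options dict, remaining key fields) for one authorized_keys entry."""
    fields = [f for f in split_unquoted(line.strip(), " \t") if f]
    opts = {}
    if not KEY_START.match(fields[0]):
        for item in split_unquoted(fields.pop(0), ","):
            name, _, value = item.partition("=")
            if name:  # option keywords are case-insensitive
                opts[name.lower()] = value[1:-1] if value[:1] == '"' else (value or True)
    return opts, fields

def audit(text):
    """Return [(line_number, from_patterns)]; an empty list means any source address."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if line.strip() and not line.lstrip().startswith("#"):
            src = parse_line(line)[0].get("from")
            findings.append((n, src.split(",") if isinstance(src, str) else []))
    return findings

if __name__ == "__main__":
    for n, pats in audit(SAMPLE):
        print(n, ", ".join(pats) if pats else "UNRESTRICTED (no from= option)")
```

Entries reported as unrestricted are the ones where a stolen private key would be usable from any address.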


