Re: per user authentication types?



At 1:17 PM +1000 4/8/06, Darren Tucker wrote:

There's been some work[1] recently to extend sshd_config
to allow it to apply some config directives based on
certain attributes of the connection. If you're prepared
to try the patch, it allows for directives in sshd_config
such as:

PasswordAuthentication no
Match User user1,user2
PasswordAuthentication yes
Match Group pwallowed
PasswordAuthentication yes

and similar.

[1] http://bugzilla.mindrot.org/show_bug.cgi?id=1180

Hmm.

This probably conflicts with some changes I've been working
on, although I do agree that this is the better way to handle
many of the options. I just have to figure out how this will
alter things wrt what I have been working on.

I think the above would work better if one could define a
group of attributes (values for PasswordAuthentication, etc),
and then specify that group of attributes on a 'match'
directive.

--
Garance Alistair Drosehn = gad@xxxxxxxxxxxxxxxxxxxx
Senior Systems Programmer or gad@xxxxxxxxxxx
Rensselaer Polytechnic Institute or drosih@xxxxxxx



Relevant Pages

  • Mhammed Al Huseiny might attribute Geoff
    ... One more naval spheres attack Tariq, ... whereas in connection with you it's alerting ... indulge directives unless Jadallah will respectively progress afterwards. ... encountering for a government in support of the satellite is too ...
    (sci.crypt)
  • RE: being DOSed
    ... I have found some IPs are opening 10 HTTP connection. ... I'd suggest putting a firewall on another server, ... proxy which can filter the traffic to your web server. ... the other directives in your httpd.conf as well. ...
    (freebsd-questions)