Re: User at host

What im wondering is, how can i make it so a user+public key will only
authenticate if the connection is coming from a certain host?

ie: user joe can come from anywhere, pending they have joes.ppk

user jim can only come from pending they have jims.ppk

Does your SSH server allow password authentication, or only public key exchanges?

If your SSH server allows only key exchanges, you can modify/lock down their authorized keys file as so:

from="allowed_host" ssh-rsa ......

If your SSH server allows other types of authentication you can use the pam_access module as so:

Create a file with the following contents:

-:jim:ALL EXCEPT <authorized host(s)>

Add the line: "account required accessfile=</path/to/file/created/in/previous/step>

(above line must be a solid line, it should not wrap)

above other account restrictions in /etc/pam.d/sshd

As always when working with PAM, I recommend a backup of any file you will be changing and 2 root logged in terminal sessions!

Good Luck!