Re: User at host



What I'm wondering is, how can I make it so a user+public key will only
authenticate if the connection is coming from a certain host?

i.e.: user joe can come from anywhere, pending they have joes.ppk

user jim can only come from 10.10.10.10/32 pending they have jims.ppk

Does your SSH server allow password authentication, or only public key exchanges?

If your SSH server allows only key exchanges, you can modify/lock down their authorized keys file as so:

from="allowed_host" ssh-rsa ......

If your SSH server allows other types of authentication you can use the pam_access module as so:

Create a file with the following contents:

-:jim:ALL EXCEPT <authorized host(s)>

Add the line: "account required pam_access.so accessfile=</path/to/file/created/in/previous/step>"

(above line must be a solid line, it should not wrap)

above other account restrictions in /etc/pam.d/sshd

As always when working with PAM, I recommend a backup of any file you will be changing and 2 root logged in terminal sessions!

Good Luck!

Barry
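
Added example, not part of the original reply: a Python check that reads authorized_keys entries and reports whether a given client IP would pass each entry's from= restriction, generalizing from a single host to the wildcard, ! negation and CIDR forms of the pattern list. The sample entries, key placeholders and function names are constructed for illustration; it assumes the client is given as an IP literal, matches addresses only (not hostnames), and ignores backslash-escaped quotes.

```python
import fnmatch
import ipaddress
import re

KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")           # entry without options starts with key type
OPTIONS_RE = re.compile(r'(?:"[^"]*"|[^\s"])+')    # first field; quotes may hide spaces
FROM_RE = re.compile(r'(?:^|,)from="([^"]*)"', re.IGNORECASE)

# Constructed sample entries; key material and comments are placeholders.
SAMPLE = '''\
ssh-rsa AAAAB3PLACEHOLDER joe
from="10.10.10.10/32" ssh-rsa AAAAB3PLACEHOLDER jim
from="192.168.*,!192.168.5.*",no-pty ssh-ed25519 AAAAC3PLACEHOLDER ops
'''

def from_patterns(line):
    """Return the from= pattern list of one entry, or None when it has none."""
    if line.startswith(KEY_PREFIXES):
        return None
    opts = OPTIONS_RE.match(line)
    m = FROM_RE.search(opts.group(0)) if opts else None
    return m.group(1).split(",") if m else None

def address_allowed(patterns, addr):
    """A negated match rejects outright; otherwise one positive match is required."""
    ip, allowed = ipaddress.ip_address(addr), False
    for pat in patterns:
        negated, pat = pat.startswith("!"), pat.lstrip("!")
        if "/" in pat:   # CIDR address/masklen form
            hit = ip in ipaddress.ip_network(pat, strict=False)
        else:            # literal address or * / ? wildcard form
            hit = fnmatch.fnmatchcase(addr, pat)
        if hit and negated:
            return False
        allowed = allowed or hit
    return allowed

def audit(text, addr):
    """Map each entry's trailing comment to whether addr passes its from= check."""
    result = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        if not line.startswith("#"):
            pats = from_patterns(line)
            result[line.split()[-1]] = pats is None or address_allowed(pats, addr)
    return result
```

Entries that come back True for every address (joe in the sample) are the ones with no source restriction at all.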