Re: key or password based on IP

From: Bill Keegan (billk_at_umpire.dhs.!spam.org)
Date: 02/25/04


Date: Wed, 25 Feb 2004 17:33:05 GMT

Darren Tucker wrote:
> In article <c6kZb.576140$ts4.562916@pd7tw3no>,
> Bill Keegan <billk@umpire.dhs.!spam.org> wrote:
>
>>I would like to force ssh authentication to:
>>
>>password for intranet users (192.168.0) and
>>key (or key and password) for all others, e.g. internet
>>
>>Does anybody know how to do this?
>
>
> (OpenSSH 3.1p1)
>
> You can run multiple copies of sshd with different options (on different
> ports) and use a firewall to restrict access to each.
>

Thanks for the reply. This weekend I found Barrett and Silverman's site
http://www.snailbook.com/faq/auth-source.auto.html where this is
answered. I was able to set it up and it does exactly what I wanted. I'm
using two ports instead of two NICs but my firewall forwards it
correctly.

Slightly off topic, I'm using RH 7.3 and webmin, would I be better off
trying to start/stop these services:

1) together in the same init script, adding additional lines for the
second instance? I feel webmin would no longer be effective for this
service or

2) copy sshd, init scripts, etc. to sshd-somethingelse and maintain two
copies of everything.

So far I've only cloned the webmin sshd module and the second
configuration file and webmin works fine for configuration info but I
think that in starting and stopping the service either module will try
to stop all instances of 'sshd' without restarting both of them.

bill

Remove !spam when replying.
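
An added example (not from the original post or the FAQ it links): one way to give each sshd its own configuration file and PID file, so that stopping one instance never touches the other. The instance names `lan` and `wan`, ports 22 and 2222, and the file paths are assumptions.

```shell
#!/bin/sh
# Added example. Instance names, ports and paths are assumptions.
# lan: passwords allowed; the firewall must limit this port to 192.168.0.x.
# wan: key-only; this is the port the firewall forwards from the internet.
SSHD=${SSHD:-/usr/sbin/sshd}
CONF_DIR=${CONF_DIR:-/etc/ssh}
RUN_DIR=${RUN_DIR:-/var/run}

# Print the sshd_config for one instance on stdout.
instance_config() {
    case "$1" in
        lan) port=22;   password=yes ;;
        wan) port=2222; password=no  ;;
        *)   echo "unknown instance: $1" >&2; return 2 ;;
    esac
    cat <<EOF
Port $port
PasswordAuthentication $password
PubkeyAuthentication yes
PidFile $RUN_DIR/sshd-$1.pid
EOF
}

# Write the instance's config file and start a daemon that reads only it.
start_instance() {
    instance_config "$1" > "$CONF_DIR/sshd_config-$1" || return
    "$SSHD" -f "$CONF_DIR/sshd_config-$1"
}

# Stop only the daemon recorded in this instance's PID file.
# Matching on the process name "sshd" would take down both instances.
stop_instance() {
    pidfile="$RUN_DIR/sshd-$1.pid"
    [ -r "$pidfile" ] || return 1
    pid=$(cat "$pidfile")
    case "$pid" in ''|*[!0-9]*) return 1 ;; esac
    kill "$pid" 2>/dev/null
    rm -f "$pidfile"
}

# True if the PID recorded for this instance is still alive.
instance_running() {
    pidfile="$RUN_DIR/sshd-$1.pid"
    [ -r "$pidfile" ] && kill -0 "$(cat "$pidfile")" 2>/dev/null
}
```

An init script can call `start_instance`, `stop_instance` and `instance_running` once per instance name; the password port is only as restricted as the firewall rule in front of it.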


