Re: Batch and password access depending on hosts

From: Richard E. Silverman (res_at_qoxp.net)
Date: 01/16/05


Date: 16 Jan 2005 14:17:22 -0500


You could configure publickey or hostbased authentication for these
accounts, restricted to the source addresses of the appropriate hosts.
Theses methods would fail for outside for connections, which would then
fall back to password authentication.

As for preventing users from modifying the authorization files: if you use
hostbased authentication, you can set ignore IgnoreRHost and
IgnoreUserKnownHosts. For publickey, you could set AuthorizedKeysFile and
place the authorization files outside user home directories (assuming your
version of OpenSSH supports this); however, this would apply to all
accounts.

Tectia allows greater flexibility in server configuration: you can have
completely different server settings based on the source address of the
connection.

-- 
  Richard Silverman
  res@qoxp.net