Re: prompt or not prompt for the password depending on the user



In article <1182473265.513197.19840@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
wong_powah@xxxxxxxx writes:
> On Jun 21, 3:55 pm, p...@xxxxxxxxxxxx (Per Hedeland) wrote:
>
>> With PubkeyAuthentication, you could set up that user's
>> ~/.ssh/authorized_keys with the *user's* public key, and the added
>> restriction of a from= option. But then normally nothing prevents that
>> user from removing that restriction, or other users from putting
>> whatever they want in their ~/.ssh/authorized_keys. Of course this
>> situation is the default in most sshd installations.
>>
>> All of the above applies to OpenSSH, don't know about others, you didn't
>> say what SSH implementation you were asking about.
>
> I use PubkeyAuthentication on OpenSSH.
> After the user logs in, then a special program (instead of the default
> shell) will start, parse the user commands and do only what is allowed
> for that user.
> Then the user cannot change its setting.

OK, that possibility is why I sprinkled all those "normally" over the
text. Then PubkeyAuthentication set up as above should be fine - see the
sshd man page for the details of the format to use in authorized_keys.

--Per Hedeland
per@xxxxxxxxxxxx
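
The following is an added example, not part of the posts above: a small audit that parses authorized_keys entries in the OpenSSH format (comma-separated options, optionally double-quoted values, then key type and key) and reports entries that carry no from= restriction. The function names and the sample file content are constructed for illustration.

```python
import re

# Prefixes that mark the key-type field, i.e. a line with no options before it.
KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")
# One option: name, optionally =value; the value may be a double-quoted
# string containing spaces, commas and backslash-escaped quotes.
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:=("(?:\\"|[^"])*"|[^,\s"]*))?')

def parse_line(line):
    """Return (options dict, key type) for one authorized_keys entry."""
    line = line.strip()
    opts, pos = {}, 0
    if not line.startswith(KEY_TYPES):
        while True:
            m = OPTION.match(line, pos)
            if not m:
                raise ValueError("malformed options field")
            name, value = m.group(1).lower(), m.group(2)
            if value and value.startswith('"'):
                value = value[1:-1].replace('\\"', '"')
            opts[name] = True if value is None else value
            pos = m.end()
            if pos < len(line) and line[pos] == ",":
                pos += 1          # another option follows
                continue
            break
    fields = line[pos:].split()
    if not fields or not fields[0].startswith(KEY_TYPES):
        raise ValueError("no key type after options")
    return opts, fields[0]

def keys_without_from(text):
    """Return [(line number, key type)] for entries lacking a from= value."""
    missing = []
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        opts, key_type = parse_line(raw)
        if opts.get("from") in (None, True, ""):
            missing.append((n, key_type))
    return missing

SAMPLE = '''\
# constructed sample; key blobs are placeholders
from="192.0.2.10,*.example.org" ssh-ed25519 AAAAC3PLACEHOLDER alice@laptop
ssh-rsa AAAAB3PLACEHOLDER bob@desktop
no-pty,from="198.51.100.*" ecdsa-sha2-nistp256 AAAAE2PLACEHOLDER carol@host
command="echo \\"hi\\"",no-port-forwarding ssh-ed25519 AAAAC3PLACEHOLDER dave@host
'''

if __name__ == "__main__":
    for lineno, key_type in keys_without_from(SAMPLE):
        print(f"line {lineno}: {key_type} key has no from= restriction")
```
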