Hosting Provided By

RE: restricting originating IP per user

From: Kim, Anthony <anthony.kim(at)vw.com>
Date: Wed Dec 04 2002 - 14:22:10 EST

Actually, this works for me (OpenSSH-3.4p1) from="10.10.100.5,192.168.*,127.*" ssh-rsa AAAA[rest of key]

-----Original Message-----
From: Robert [mailto:robert@robert.net]
Sent: Monday, December 02, 2002 10:03 AM To: secureshell@securityfocus.com
Subject: restricting originating IP per user

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> What I want is to restrict one user's account to only be able to ssh in

Use the options available in the authorized_keys file. For example:

from="101.202.99.1" 1024 35 124482811179327377929246[..rest of key..]

That limits this key to only be allowed from the specified IP address. Only useful for single IP numbers (you CAN duplicate a key in the authorized_keys file and put a different IP number in for the second instance of the same key, but clumsy for anything more complex than that and may not work in ALL implementations)

Robert Baskerville

Do you need help?

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1.2
Comment: www.vistorm.com/pgp

iQGVAwUBPeuBLKLvtZXFYwUMAQIWmwv+Or9cW5ZqnhXS0SvXAjaaQCTO9NOxHEgM LDtJeV+xUJPZvp/BQafJqpYZFKFrgGrAf8LlXX8lqlfFZfXjILJ+1tECNrMKi6wY 0PuJOKdgq7KopCJdPz2AJFL7D9GnvgVlHjXlGUWkAg9gPyH0Om3WV8vL0Sa7HquN vb1rYQ8lpXdAaHitdPnaAJpjZhR+A7SV/CzYJR1JfDJ5IZkcU3icq/Ao7lwj8Z7C yAJhT0N/ApzYYcFhA42LrWaeAuByPDWUxdJus0bnNzTz8dSGaCsLd6vlCi9vQBDH s/QRmYT4E000nPyCswgOEMaavfa54ms2Lcqc4q1IIoTRot0wJf/yfcgsIV21PBXf dSor39X2fVZj3Pf3qLr6PHBkvDdwmhl1DUgUYQD3CJ1jsfJf6xY50OnbzjemJve4 sWEhl1hk57mRlSSjfoWa69kZGDkumQG90DhVEMqGfklr7S9yP4CisWf6UzSe2iUe +hgbAG/VsVmohYXGnUrlg+uZ/SREAO61
=6s9I
-----END PGP SIGNATURE-----

DISCLAIMER: The information transmitted may contain confidential material and is intended only for the person or entity to which it is addressed. Any review, retransmission, dissemination or other use of or taking of any action by persons or entities other than the intended recipient is prohibited. If you are not the intended recipient, please delete the information from your system and contact the sender.

Received on Wed Dec 4 19:00:31 2002

This message: [ Message body ]
Next message: Mark Langlois: "Re: ssh_exchange_identification error"
Previous message: Roger Villemaire: "cannot connect"
Maybe in reply to: Robert: "restricting originating IP per user"
In reply to Greg Wooledge: "Re: Restrict a SSH account to a single IP"
Next in thread: Attica: "RE: restricting originating IP per user"
Reply: Attica: "RE: restricting originating IP per user"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:51 EDT