From: kunt on 9 Apr 2008 14:18

With sshd_config or PAM or some other "neat" way: is it possible to allow a few (particularly privileged) users to log in via ssh only from a specific host, while allowing all other (less important) users to log in via ssh from any host?

Thank you

From: Joachim Mæland on 9 Apr 2008 14:28

On Wed, 09 Apr 2008 20:18:38 +0200, kunt wrote:
> With sshd_config or PAM or some other "neat" way: is it possible to
> allow a few (particularly privileged) users to log in via ssh only from
> a specific host, while allowing all other (less important) users to log
> in via ssh from any host?

man sshd_config

Check DenyUsers, AllowUsers, DenyGroups and AllowGroups..!

--
Regards/mvh Joachim Mæland
If everything seems under control, you're just not going fast enough. -Mario Andretti
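
Added example, not part of any poster's message: one way to express the policy from the question with the directives named above. The accounts alice and bob and the address 192.0.2.10 are placeholders, and the negated host pattern relies on the pattern-list syntax described under PATTERNS in ssh_config(5), so confirm the behaviour on your OpenSSH version.

```conf
# /etc/ssh/sshd_config
# Added example. alice, bob and 192.0.2.10 are placeholders.

# Pitfall 1: AllowUsers is an allow-list. With this line alone, alice and bob
# are limited to 192.0.2.10, but every account not listed is refused as well.
#AllowUsers alice@192.0.2.10 bob@192.0.2.10

# Pitfall 2: appending a catch-all to re-admit everyone else also re-admits
# alice and bob from any address, because "*" matches their names too.
#AllowUsers alice@192.0.2.10 bob@192.0.2.10 *

# Working form: leave AllowUsers unset (all accounts allowed by default) and
# deny the privileged accounts from every address except the admin host.
# DenyUsers is evaluated before AllowUsers. A negated pattern never produces
# a match by itself, hence the trailing ",*" in each host part.
# An address is used instead of a host name so the check does not depend on
# reverse DNS.
DenyUsers alice@!192.0.2.10,* bob@!192.0.2.10,*

# Check syntax with "sshd -t" before reloading, and keep an existing session
# open while testing logins from both the admin host and another address.
```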

From: Davorin Vlahovic on 9 Apr 2008 14:33

On 2008-04-09, kunt <kunt(a)no.net> wrote:
> With sshd_config or PAM or some other "neat" way:
> is it possible to allow a few (particularly privileged) users to log in
> via ssh only from a specific host, while allowing all other (less
> important) users to log in via ssh from any host?

Check out /etc/hosts.allow and /etc/hosts.deny. tcpwrappers rule[1] :)

[1] until you get into the crosshairs of a person who knows how to fake an IP address :)

--
ISO: I $old Out (formerly known as International Organization for Standardization)

From: "goarilla "kevin punt>paulus|" on 9 Apr 2008 14:42

Davorin Vlahovic wrote:
> On 2008-04-09, kunt <kunt(a)no.net> wrote:
>> With sshd_config or PAM or some other "neat" way:
>> is it possible to allow a few (particularly privileged) users to log in
>> via ssh only from a specific host, while allowing all other (less
>> important) users to log in via ssh from any host?
>
> Check out /etc/hosts.allow and /etc/hosts.deny. tcpwrappers rule[1] :)
>
> [1] until you get into the crosshairs of a person who knows how to fake an IP
> address :)

How is spoofing the source address of any use if he can't relay the replies of the server back to his own workstation? I don't see the point in spoofing IP addresses in switched networks these days ... he'll need to compromise the IP address he's trying to spoof to relay the replies, and even then why would you even spoof the address and send from your own workstation if you've compromised the privileged host?

From: Davorin Vlahovic on 9 Apr 2008 15:51

On 2008-04-09, goarilla <"kevin<punt>paulus|"@|skynet <"punt>> wrote:
> I don't see the point in spoofing IP addresses in
> switched networks these days ... he'll need to compromise the
> IP address he's trying to spoof to relay the replies,
> and even then why would you even spoof the address and send from
> your own workstation if you've compromised the privileged
> host?

Yeah, sure. :P

http://en.wikipedia.org/wiki/ARP_spoofing

--
ISO: I $old Out (formerly known as International Organization for Standardization)