[svlug] SSH PAM and access control
Jarl Nilsson
svlug at thinkgland.com
Mon May 17 11:36:26 PDT 2010
You might be able to set something up using
Match address 192.0.2.0/24,3ffe:ffff::/32,!10.*
PasswordAuthentication yes
Do you have a reason other than separating users to use two ssh daemons?
On 05/16/2010 05:28 PM, James Sparenberg wrote:
> On 05/16/2010 05:25 PM, James Sparenberg wrote:
>
>> All,
>>
>> OK situation is. We have a system that from the LAN on port 22 we
>> want to have "normal" ssh access. (username and password) However
>> from outside the LAN we want to limit it to a smaller subset of users,
>> and have these users access by ssh-key pair only.
>>
>>
>> What I have done is setup a second ssh daemon running on say port
>> 2222, that operates via key pair only. What I'm having trouble with is
>> figuring out how to configure PAM or other access control that allows
>> for each of these ssh daemons to operate independently. Unfortunately
>> they both seem to come back to the same PAM parameters and it doesn't
>> allow for access control by port only by system.
>>
>> Has anyone out there ever set something up that meets these needs, or
>> am I just going to have to put the sshkey version on a VM and run from
>> there?
>>
>> James
>>
>> _______________________________________________
>> svlug mailing list
>> svlug at lists.svlug.org
>> http://lists.svlug.org/lists/listinfo/svlug
>>
>>
>>
> Additional Info .... Running on CentOS 5.4, and not all users with
> normal access will be authorized external access.
>
>
> _______________________________________________
> svlug mailing list
> svlug at lists.svlug.org
> http://lists.svlug.org/lists/listinfo/svlug
>
More information about the svlug
mailing list