
OpenSSH enhancement (restricting the scope of user keys)...



After trying to solve a small problem that we have here at work, I found
myself wishing for a feature in OpenSSH which I think could be useful to
other people as well.  I bring this up such that someone can point out
the foolishness of this thought, before it festers, and causes me ulcers.

The thought is quite a simple one.  How to limit the scope of keys.  I'd
like to allow certain private keys to login to a machine as a user, but
only if the key comes from either a certain domain (cs.ualberta.ca), or
a certain set of RSA host keys (my home machine, etc).  The shosts mechanism
does not help/work in this case.  Also, AllowUsers/DenyUsers is global on
the local user, not specific to one particular user.  At the current time,
as I understand it, I seem not able to do this.

Note, I do not wish to restrict other users, but just this one particular local
user (root, operator, etc).  Any thoughts on how to do this?  Does it require
coding, or can it be done using existing mechanisms?

--Toby.



