[lug] Cracking attempts via SSH (somewhat OT)
David Anselmi
anselmi at anselmi.us
Thu Sep 9 19:08:01 MDT 2004
Ben Luey wrote:
> On the subject of ssh logins and security, I'm trying to reduce the number
> of accounts that have remote ssh access to a server, and so I installed
> scponly. Scponly gives users scp / sftp access but no shell access and
> chroots to their home directory. This is great, but I would like some
> users to have ssh login access from inside our firewall, but because
> scponly is installed as their shell, I don't know how to do this. Is it
> possible to somehow have a host specific shell?
The authorized keys file might do this. You can specify hosts that are
allowed or disallowed to use a key, and a command to execute for the key.

Perhaps you can make an entry for internal hosts with no command
(regular shell access) and one for external hosts with scponly as the
command, both using the same key.

If that doesn't work, you can always use two keys, one for scponly and
one for any command (and usable only internally).

You might check with the scponly developers and see if anyone has
thought of adding this feature or if they have a better approach.

Dave
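
An added example, not part of the original message: a Python audit of an authorized_keys file that reports, per key entry, whether it gives a shell or a forced command, and flags entries with no from= restriction or with a from= list that can never match. The sample entries, key blobs, address range and the /usr/bin/scponly path are constructed, and the check assumes the account's login shell is a regular shell rather than scponly.

```python
import re

# One option: name, then optionally ="quoted value" or =bare, then "," or blanks.
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)"|=([^,\s"]+))?(?:,|\s+)')
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # prefixes of OpenSSH public key type names

def parse_entry(line):
    """Split one authorized_keys line into (options dict, key comment)."""
    opts, pos = {}, 0
    while not line.startswith(KEY_TYPES, pos):
        m = OPTION.match(line, pos)
        if not m:
            raise ValueError("cannot parse options near: " + line[pos:pos + 20])
        value = m.group(2) if m.group(2) is not None else m.group(3)
        opts[m.group(1).lower()] = (value or "").replace('\\"', '"')
        pos = m.end()
    fields = line[pos:].split(None, 2)  # key type, base64 blob, comment
    return opts, fields[2] if len(fields) > 2 else ""

def audit(text):
    """Return (line number, comment, access, flags) for every key entry."""
    report = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts, comment = parse_entry(line)
        patterns = [p for p in opts.get("from", "").split(",") if p]
        flags = []
        if "command" not in opts and not patterns:
            flags.append("shell-from-anywhere")
        # ssh_config(5) PATTERNS: a negated match never yields a positive result
        # by itself, so a list with only "!" patterns accepts no client at all.
        if patterns and all(p.startswith("!") for p in patterns):
            flags.append("from-never-matches")
        access = "forced: " + opts["command"] if "command" in opts else "shell"
        report.append((number, comment, access, flags))
    return report

SAMPLE = '''\
# constructed entries; key blobs are placeholders, not real keys
from="10.0.0.*" ssh-rsa AAAAB3PLACEHOLDER1 ben@inside
from="!10.0.0.*,*",command="/usr/bin/scponly" ssh-rsa AAAAB3PLACEHOLDER1 ben@outside
from="!10.0.0.*",command="/usr/bin/scponly" ssh-rsa AAAAB3PLACEHOLDER2 negation-only
ssh-rsa AAAAB3PLACEHOLDER3 no-options
'''

if __name__ == "__main__":
    for entry in audit(SAMPLE):
        print(entry)
```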