restrict server access by mac address?

stinkpot · 11-21-2005, 06:55 AM

hi all,

does anyone know if there's a way to restrict ssh/sftp logins using MAC address? i'm setting up a fileserver and i feel uncomfortable using usernames and passwords - those things are so easily shared.

thanks!
- ld

Moloko · 11-21-2005, 03:29 PM

Use iptables to allow specified MAC addresses to connect to the SSH port.

Hangdog42 · 11-21-2005, 05:14 PM

However, you should be aware that MAC addresses are not secure or stable. They aren't preserved as a packet traverses the Internet and they are trivial to spoof. If you want to restrict ssh access to specific machines, using key-based authentication is a much better idea.

stinkpot · 11-21-2005, 09:23 PM

sorry - how exactly do i go about using key-based authentication? can windows users run something like ssh-keygen? (if you could even point me to an introductory website, i'd be much obliged.)

Hangdog42 · 11-22-2005, 07:05 AM

There is a very good tutorial in the LQ tutorials section. The writer used Slackware, but the commands should work on any distro. For Widows, if you did a full download of Putty, there is a key generation program that comes with it and instructions on how to set it up can be found on the Putty site (and you can always search and ask here if you run into trouble).

The only difficulty with the Putty keys is that it adds a lot of useless text that you have to remove and you need to put the key on a single line (remove all carriage returns). The ssh daemon is kind of picky about the key format in Linux, so you do have to be careful when editing the Putty generated key.