by host
from="1.2.3.4"... in ~/.ssh/authorized_keys2
by command
command="/usr/local/sbin/mycheckit"... in authorized_keys2
The older versions SSH-1.2X allowed for the practical AllowHosts directive in /etc/ssh/sshd_config; they are compiled with TCP Wrappers (libwrap), so you should be able to use /etc/hosts.(deny,allow).
Now if you suspect it isn't set up with wrappers, just compile your own --with-tcp-wrappers.
You can also add allowed IPs to iptables/ipchains for that extra edge :-].
What I do is add a file with a single IP per line, then add a bi-directional rule in the script, like:
for host in $(/bin/cat /etc/hosts.ssh); do $host; done
Keeps the script clean, and all allowed IPs easily accessible.
Last edited by Gerardoj; 08-22-2003 at 02:16 PM.
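The allow-list loop described in the post above, as an added example that is not part of the original post: it reads a one-IP-per-line file and prints a pair of bi-directional iptables rules per address, rejecting any line that is not a plain IPv4 address so file contents never reach the shell as commands or extra arguments. The function names, the use of port 22, and the INPUT/OUTPUT chain layout are assumptions.

```shell
#!/bin/sh
# Added example: builds bi-directional SSH allow rules from a one-IP-per-line file.
# Rules are printed, not applied, so the output can be reviewed before use.

# Return 0 only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe to leave unquoted: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print one INPUT and one OUTPUT rule per valid address in the file "$1".
# Blank lines and '#' comments are skipped; any other line that is not an
# IPv4 address is reported on stderr and makes the function return 1.
emit_ssh_rules() {
    status=0
    while IFS= read -r line || [ -n "$line" ]; do
        host=$(printf '%s' "$line" | sed 's/#.*//; s/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -n "$host" ] || continue
        if is_ipv4 "$host"; then
            printf 'iptables -A INPUT -p tcp -s %s --dport 22 -j ACCEPT\n' "$host"
            printf 'iptables -A OUTPUT -p tcp -d %s --sport 22 -j ACCEPT\n' "$host"
        else
            printf 'skipping invalid entry: %s\n' "$line" >&2
            status=1
        fi
    done < "$1"
    return "$status"
}

# Constructed sample list (documentation addresses plus two bad lines).
sample=$(mktemp)
printf '%s\n' '# admin hosts' '192.0.2.10' '198.51.100.7  # office' '' \
    '10.0.0.999' '1.2.3.4; reboot' > "$sample"
emit_ssh_rules "$sample" || echo "list contained invalid entries" >&2
rm -f "$sample"
```

Review the printed rules, then pipe them to `sh` as root to apply them; a non-zero exit status means at least one line in the list was rejected.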