LinuxQuestions.org
Old 04-11-2011, 04:20 PM   #1
jimdaworm
Member
 
Registered: Aug 2003
Location: Spain
Distribution: Ubuntu
Posts: 895

Rep: Reputation: 30
SSH force public key only for internet connections


Hi Everyone

I am wondering if it is possible to force internet/external SSH connections to authenticate with a public key and allow local connections to connect via user and password?

Saludos
 
Old 04-11-2011, 09:12 PM   #2
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 911
As ssh has no notion of different interfaces (and if you had
external connections forwarded via NAT it would be pretty much
impossible altogether) the answer is no; you could compile
a separate sshd w/ a directory structure of its own, a port
to itself, and only permit one form of authentication on that.



Cheers,
Tink

Last edited by Tinkster; 04-11-2011 at 09:14 PM.
 
1 members found this post helpful.
Old 04-11-2011, 09:30 PM   #3
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.10, Centos 7.5
Posts: 17,569

Rep: Reputation: 2426
Actually, looking at the home pages for sshd_config http://www.openbsd.org/cgi-bin/man.c...nfig&sektion=5 it seems to me that you should be able to use the 'Match' keyword, as Authentication types are allowed to be specified inside a Match block.
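
The Match approach mentioned in this post, written out as an added example that is not part of the original thread: key-only authentication by default, with passwords re-enabled only for LAN source addresses. The LAN range 192.168.1.0/24, the user name `jim` and the test addresses are assumptions, and it only works if sshd sees each client's real source address.

```conf
# Added example for sshd_config(5); not taken from the thread.
# Assumptions: the LAN is 192.168.1.0/24 and sshd sees the client's real
# source address (no source NAT between the client and sshd).

# Default for every connection: public key only.
PubkeyAuthentication yes
PasswordAuthentication no
# Otherwise PAM can still prompt for a password via keyboard-interactive.
# (Older releases name this keyword ChallengeResponseAuthentication.)
KbdInteractiveAuthentication no

# Override for clients whose source address is on the LAN.
# Keep Match blocks at the end of the file: every keyword after a Match
# line belongs to that block until the next Match line or end of file.
Match Address 192.168.1.0/24
    PasswordAuthentication yes

# Check the result before reloading sshd (constructed test addresses):
#   sshd -t
#   sshd -T -C user=jim,host=client,addr=203.0.113.10 | grep -i '^passwordauthentication'
#   sshd -T -C user=jim,host=client,addr=192.168.1.50 | grep -i '^passwordauthentication'
# The first -T call should report "passwordauthentication no",
# the second "passwordauthentication yes".
```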
 
Old 04-12-2011, 01:00 AM   #4
jimdaworm
Member
 
Registered: Aug 2003
Location: Spain
Distribution: Ubuntu
Posts: 895

Original Poster
Rep: Reputation: 30
Thanks Tinkster.

It's good to see you're still helping people after so many years on this forum! The internet connections will be forwarded via NAT so I understand what you're saying, all connections are really coming from the LAN as far as the SSH server is concerned.

Thanks for your input too chrism01, that's an interesting option that I didn't know existed. I will keep that in mind in case it's useful in the future.
 
Old 04-12-2011, 01:39 AM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,394
Blog Entries: 55

Rep: Reputation: 3565
Quote:
Originally Posted by Tinkster
you could compile a separate sshd w/ a directory structure of its own, a port to itself, and only permit one form of authentication on that.
If you want to run a separate sshd you just need to supply a different config file, right? I mean that's what I do for running a backup sshd out of Xinetd...
 
Old 04-12-2011, 02:02 PM   #6
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,067
Blog Entries: 11

Rep: Reputation: 911
Quote:
If you want to run a separate sshd you just need to supply a different config file, right? I mean that's what I do for running a backup sshd out of Xinetd...
You could, but wouldn't they use the same lock file? I thought that's compiled in.
 
  

