[Bug 2379] New: [RFE] sshd Match based on my IP address

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Apr 14 01:19:46 AEST 2015


https://bugzilla.mindrot.org/show_bug.cgi?id=2379

            Bug ID: 2379
           Summary: [RFE] sshd Match based on my IP address
           Product: Portable OpenSSH
           Version: 6.9p1
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: riehecky at fnal.gov

Description of problem:
I would like to further extend the Match directive to include my
ServerIP.

I have a system with several IP addresses on several networks, many of
which are not easily captured by the 'from Host/IP' settings.  The
systems have an IP address they pass back and forth for HA reasons.

For example:

myhost.example.com has 4 interfaces, A is 203.0.113.100/2001:db8::a3, B
is 10.2.6.8, C is 172.16.12.24, D is 198.51.100.100

I wish to set a firm rule that, no matter the origin, any connection to
A must use Public Key auth - and not password auth.  Similarly I've
specific connection requirements on all connections on B, C, and D
which themselves differ from each other (say: B allows TCP forwarding,
C only permits some users, D permits root login).  With both A and D
having public IP addresses, I cannot distinguish between clients based
only on their origin information.


Expected results:

Something like:
Match ServerAddress 203.0.113.100
  PasswordAuthentication no

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
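
The per-interface policy requested above can be written with the LocalAddress criterion that sshd_config(5) documents for Match, which tests the address the connection arrived on rather than the client's address. The fragment below is an added example, not part of the original report or of the OpenSSH project: it maps the reporter's four interfaces onto Match LocalAddress blocks, and the global defaults, the user names and the client address in the check command are assumptions.

```sshd_config
# Global section: applies to every connection unless a matching
# Match block below overrides the keyword. (Assumed defaults.)
PasswordAuthentication yes
AllowTcpForwarding no
PermitRootLogin no

# Interface A (IPv4 and IPv6): public key only, whatever the client's origin.
Match LocalAddress 203.0.113.100,2001:db8::a3
    PasswordAuthentication no
    PubkeyAuthentication yes

# Interface B: TCP forwarding allowed.
Match LocalAddress 10.2.6.8
    AllowTcpForwarding yes

# Interface C: only some users may log in (alice and bob are constructed names).
Match LocalAddress 172.16.12.24
    AllowUsers alice bob

# Interface D: root login permitted, as in the reporter's description.
Match LocalAddress 198.51.100.100
    PermitRootLogin yes

# Check the effective settings for a connection arriving on interface A
# (192.0.2.10 and client.example.org are constructed client values):
#   sshd -T -C user=alice,host=client.example.org,addr=192.0.2.10,laddr=203.0.113.100,lport=22 \
#     | grep -i -E 'passwordauthentication|allowtcpforwarding|permitrootlogin'
```

Running the same check once per local address, including the floating HA address on whichever node currently holds it, confirms that no interface silently falls through to the global PasswordAuthentication setting.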

