Force S/Key for all but known hosts?
Gert Doering
gert at greenie.muc.de
Fri Aug 31 00:55:35 EST 2001
Hi,
I'm not sure if what I'm thinking of is doable with current OpenSSH's,
and if yes, how.
I want to force our users to use S/Key-Authentication, but only if they
do not come from "known hosts". "known hosts" could be hosts that
are listed via IP address ("network 192.168.0.0/24") or hosts that are
listed in ssh_known_hosts - this doesn't really matter, the important
thing is:
- known hosts -> password authentication is OK
- unknown hosts -> only S/Key authentication is permitted
is that possible?
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert.doering at physik.tu-muenchen.de
More information about the openssh-unix-dev
mailing list