cidr matching
Gert Doering
gert at greenie.muc.de
Sat May 8 19:48:04 EST 2004
Hi,
On Sat, May 08, 2004 at 09:47:00PM +1000, Darren Tucker wrote:
> If the same matcher was used from the hypothetical
> AuthenticationsForUser, you could then say things like "allow password,
> hostbased or public key for connections from the local net, but require
> password+pubkey for connections from the rest of the Net", thusly:
>
> AuthenticationsForUser * password,public-key,hostbased 192.168.0.0/22
> AuthenticationsForUser * password+public-key
This is something that would be very (VERY) valuable for us.
AuthenticationsForUser * password,public-key,hostbased 192.168.0.0/22
AuthenticationsForUser * password+skey
(*If* they want to login from home, or from "somewhere on the road
that might possibly be keyboad-sniffed", fine, but they need to use a OTP
for that)
gert
--
Gert Doering
Mobile communications ... right now writing from * back at home *
More information about the openssh-unix-dev
mailing list