Match rules question
Ben Lindstrom
mouring at eviladmin.org
Wed Mar 25 06:56:32 EST 2009
Currently I see that "PubkeyAuthentication" is currently excluded as
being usable with the Match command in 5.1 and 5.2. Is there a reason
for this? There is a discussion in-house where we'd like to do:
PubkeyAuthentication no
Match Address [INTERNAL-IP-LIST]
PubkeyAuthentication Yes
The main reason is these are DMZ boxes where the primary
authentication method should be RSA keyfobs, but there is a need for a
few accounts (from the internal network only) to allow Public key
authentication to push files.
Looking at the list of what is acceptable to use with the Match
command I can't find anything else that would let me do this.
Suggestions for the short term (short of running two SSH servers)?
And would it accepted to get that added to the Match support?
- Ben
More information about the openssh-unix-dev
mailing list