Match vs. ChallengeResponseAuthentication?
Chris Pepper
pepper at cbio.mskcc.org
Fri Oct 30 03:01:59 EST 2009
Hello,
We'd like to allow passwords only from the local network, and allow public key auth from on-campus or off-campus. The server runs SuSE Linux, and we might do the same on RHEL/CentOS & Mac OS X if we can get it to work.
Unfortunately, Match allows PasswordAuthentication but not ChallengeResponseAuthentication. Is there any reason ChallengeResponseAuthentication cannot be supported in this context?
Plan B is to run 2 different sshd servers on different ports, and direct users to the appropriate one via iptables, but that's much more complicated.
Thanks,
Chris
--
Chris Pepper: <http://cbio.mskcc.org/>
<http://www.extrapepperoni.com/>
More information about the openssh-unix-dev
mailing list