Restricting users using one port
Damien Miller
djm at mindrot.org
Sun Oct 9 21:50:05 EST 2011
On Sun, 9 Oct 2011, Alex Bligh wrote:
> I have ssh running on port 22 and (say) port 33333. Port 22 is restricted at
> layer 3 so not much can get to it. Port 33333 is open to the world.
>
> I only want to allow one user to authenticated using port 33333, but
> all users to authenticate using port 22.
>
> Is there any way to do this without running 2 sshd processes?
At the moment, no. It might be possible to add more Match options to
select using the local connection address and port. E.g.
Match user djm laddr 172.16.0.1 lport 33333
PasswordAuthentication yes
PubkeyAuthentication yes
ChallengeResponseAuthentication yes
Match laddr 172.16.0.1 lport 33333
PasswordAuthentication no
PubkeyAuthentication no
ChallengeResponseAuthentication no
Darren wrote most of the Match code - what do you think, Darren?
-d
More information about the openssh-unix-dev
mailing list