Handing connection depending on the client computer public key fingerprint
mspinzer at yahoo.com
Sat Oct 22 07:40:30 EST 2011
I try to find a way to handle SSH connections differently depending if it comes from a 'trusted" computer or from an unknown computer (for instance giving access to a shell versus allowing only scp/sftp in a chrooted environment).
Using the IP address is not a solution since a trusted computer can be a laptop that is connected somewhere on Internet.
One solution could be to use the client public key fingerprint; the server would then keep a white list of public key fingerprints that represent the trusted computers.
However I can't find a way to implement this.
I tried with the Match directive, but this one doesn't take such parameter
I tried too with a ForceCommand, but fount no way to configure sshd to transmit the public key fingerprint to the script.
Is there any way to do that?
Thanks a lot for your help,
More information about the openssh-unix-dev