restricting ssh login based on IP

Cassius V. de Magalhaes cassius at cassius.vinicius.nom.br
Sun Feb 27 00:11:30 UTC 2011


On 26/02/2011 02:38, Tapas Mishra wrote:
> Hi,
>
> I would like to allow a user to log in through SSH but with different
> permissions coming from different IP addresses.
>
> For example, a user "tester" logs in to SSH through 192.168.1.1 and
> another user logs in with the same login id "tester" but from a different
> IP, 192.168.1.2.
>
> How do I restrict 192.168.1.2 to only allow for viewing the content in
> the home directory while giving 192.168.1.1 full access?
>
>
> I got a suggestion from someone
>
> Approach 1)
>   Based on the ip you change the shell. If it's just for read only a
> jail would be fine.
>
> but how do I change shell based on IP?
>
> Approach 2)
>
>   to have two ssh instances. Let's say port 22 and port 24. Port 22 is
> for read only, while port 24 is for full access
>
> so how can it be possible to give port 22 only read only access to SSH?
>

Hello,

First idea:
See "section 3.2.1. /etc/exports" of "3. Setting Up an NFS Server" 
(http://nfs.sourceforge.net/nfs-howto/ar01s03.html).

And then section 4.

You can tunnel NFS over SSH.


Second idea:
You can use PAM with SSH, so I think a PAM module can be created for 
your needs.

As already said by Steve Lamb, SSH is a means, not the end (in my words).


Regards.
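
One way to do the "change the shell based on IP" approach raised in the question, as an added example that is not part of the original thread: a wrapper installed as sshd's `ForceCommand` for the account, which reads the client address from `SSH_CONNECTION`. The script path, the `--session` marker, the function names and the `sftp-server` location are assumptions; the two addresses are the ones from the question.

```shell
#!/bin/sh
# Added example, not from the thread: choose the session type per client IP.
# Assumed sshd_config wiring (the script path is hypothetical):
#   Match User tester
#       ForceCommand /usr/local/bin/ssh-ip-policy --session
# sshd sets SSH_CONNECTION="client_ip client_port server_ip server_port".

FULL_ACCESS_IPS="192.168.1.1"   # addresses taken from the question
READ_ONLY_IPS="192.168.1.2"
# Assumed Debian/Ubuntu path; -R puts sftp-server into read-only mode.
SFTP_SERVER="/usr/lib/openssh/sftp-server"

# Print the client address: the first field of an SSH_CONNECTION value.
client_ip() {
    printf '%s\n' "${1%% *}"
}

# Map a client address to "full", "readonly" or "deny" (default deny).
policy_for_ip() {
    if [ -z "$1" ]; then echo deny; return 0; fi
    case " $FULL_ACCESS_IPS " in *" $1 "*) echo full; return 0 ;; esac
    case " $READ_ONLY_IPS " in *" $1 "*) echo readonly; return 0 ;; esac
    echo deny
}

# Replace this process with the session the policy allows.
run_session() {
    case "$(policy_for_ip "$(client_ip "${SSH_CONNECTION:-}")")" in
        full)
            # Run the requested command, or a login shell if there is none.
            if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
                exec "${SHELL:-/bin/sh}" -c "$SSH_ORIGINAL_COMMAND"
            fi
            exec "${SHELL:-/bin/sh}" -l ;;
        readonly)
            # Ignore the requested command; serve read-only SFTP only.
            exec "$SFTP_SERVER" -R ;;
        *)
            echo "access from this address is not permitted" >&2
            exit 1 ;;
    esac
}

# Only act when invoked by sshd with the marker argument shown above.
if [ "${1:-}" = "--session" ]; then
    run_session
fi
```

The read-only address has to connect with an SFTP client, because every session from it is answered with the SFTP protocol. The script should be owned by root and not writable by the account, and a full-access session can still change files such as `~/.ssh/authorized_keys` that affect later logins.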




More information about the ubuntu-users mailing list