restricting ssh login based on IP
Cassius V. de Magalhaes
cassius at cassius.vinicius.nom.br
Sun Feb 27 00:11:30 UTC 2011
Em 26/02/2011 02:38, Tapas Mishra escreveu:
> Hi,
>
> I would like to allow a user to login through SSH but with different
> permission coming from different ipaddress.
>
> For example, a user "tester" login to SSH through 192.168.1.1 and
> another user login with the same login id "tester" but from different
> ip 192.168.1.2.
>
> How do I restrict 192.168.1.2 to only allow for viewing the content in
> the home directory while giving 192.168.1.1 full access?
>
>
> I got a suggestion from some one
>
> Approach 1)
> Based on the ip you change the shell. If it's just for read only a
> jail would be fine.
>
> but how do I change shell based on IP?
>
> Approach 2)
>
> to have two ssh instances. Let's say port 22 and port 24. Port 22 is
> for read only, while port 24 is for full access
>
> so how can it be possible to give port 22 only read only access to SSH
>
>
>
>
>
Hello,
First idea:
See "section 3.2.1. /etc/exports" of "3. Setting Up an NFS Server"
(http://nfs.sourceforge.net/nfs-howto/ar01s03.html).
And then section 4.
You can tunnel NFS over SSH.
Second idea:
You can use PAM with SSH, so I think a PAM module can be created with
your needs.
As already said by Steve Lamb, SSH is a mean not the end (in my words).
Regards.
More information about the ubuntu-users
mailing list