First off, thank all of you for your replies. Since I was unable to find a standard way to achieve what I wanted, I've developed a set of patches for OpenSSH 3.7.1p1. The patch adds a new configuration option, by which you can define what authentication methods are available for a given <user|group, host> twin. Unfortunately, I will only work for protocol versions 1.99 and above. If you're interested, just drop me an e-mail.
On Wed, Nov 12, 2003 at 10:23:08AM -0600, David Ehle wrote: > > Hmm, just occured to me that you could do the following, though I think it > would be considered a kludge. Run 2 sshd daemons on different ports. On I think I'll choose this approach in the long run anyway. Having a separated daemon for the powerusers (including me in this context) seems reasonable, so that I won't be locked out if the "public" sshd gets DoSed somehow. > This would mean however that you power users would need to custom > configure their ssh clients to talk to your oddball port. Kind of > inconvenient... Packet filters are more of my concerns. Probably a few REDIRECT rules will be needed. bit, adam -- 1024D/37B8D989 954B 998A E5F5 BA2A 3622 82DD 54C2 843D 37B8 D989 finger://[EMAIL PROTECTED] | Some days, my soul's confined http://www.keyserver.net | And out of mind Sleep forever -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
