On 02 May 2003, Hans van Leeuwen wrote: > I have decided to do this thrue SSH by putting the client key in > authorized_keys2. But this seems a little risky, so I was wondering if > it was possible to get sshd to only allow the client MAC-address.
If these remote users always connect from the same IP address, then you should put this into authorized_keys: from="hostname or ip" ssh-rsa ...public-key... It is also possible to further restrict this connection. Something like command="/etc/init.d/bind restart",from="..." ssh-rsa ... will restart bind for every such connection without giving the user any other possibilities. Check sshd(8) for more options. Oliver
