Requiring SSH-key Login Via PAM From Specific IP Ranges

Posted by Sean M on Server Fault
Published on 2010-03-16T21:14:44Z, indexed on 2010/03/16 21:21 UTC

I need to be able to access my server (Ubuntu 8.04 LTS) from remote sites, but I'd like to worry a bit less about password complexity. Thus, I'd like to require that SSH keys be used for login instead of name/password. However, I still have a lot to learn about security, and having already badly broken a test box when I was trying to set this up, I'm acutely aware of the chance of screwing myself while trying to accomplish this. So I have a second goal: I'd like to require that certain IP ranges (e.g. 10.0.0.0/8) may log in with name/password, but everyone else must use an SSH key to log in.

How can I satisfy both of these goals?

There already exists a very similar question here, but I can't quite figure out how to get to what I want from that information.

Current tactic: reading through the PAM documentation (pam_access looks promising) and looking at /etc/ssh/sshd_config.
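
One way to express the two goals above in /etc/ssh/sshd_config, as an added example that is not part of the original post. It assumes an sshd that permits PasswordAuthentication inside a Match block and accepts CIDR notation in Match Address; the 10.0.0.0/8 range is the one named in the question.

```conf
# /etc/ssh/sshd_config (fragment, added example)

# Global defaults: every client must authenticate with a key.
PubkeyAuthentication yes
PasswordAuthentication no

# With UsePAM enabled, keyboard-interactive authentication can still
# prompt for the account password through PAM, so disable it as well.
ChallengeResponseAuthentication no
UsePAM yes

# Match blocks belong at the end of the file: the lines after a Match
# apply only to matching connections, until the next Match line.
#
# Connections from 10.0.0.0/8 may also log in with name/password.
# Assumption: this sshd accepts CIDR here; older releases take a
# wildcard pattern such as 10.* instead.
Match Address 10.0.0.0/8
    PasswordAuthentication yes
```

Run `sshd -t` to check the file for syntax errors before reloading the daemon, and keep an existing session open while testing a key-only login from an address outside the range.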

© Server Fault or respective owner
