Date: Thu, 13 Dec 2001 10:21:09 -0600 From: Rob Andrews <rob@cyberpunkz.org> To: freebsd-security@freebsd.org Subject: Question about sshd... Message-ID: <20011213102109.A18375@switchblade.cyberpunkz.org>
next in thread | raw e-mail | index | archive | help
--7AUc2qLy4jB3hD7Z Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable I am wondering if there is a way or if there has been consideration of a way to impliment login permissions based upon user authentication via sshd (openssh 3.0.2) The reason I am asking is because I want to force all staff members to login through the system based upon their generated keypairs such as a RSA or DSA keypair. Users since they have very limited access I am not as worried about an account compromise. But if a staff users account on a machine is compromised then I at least want someone to have to have worked for it to even get logged into the system. I'd heard talk from someone else that they were interested in patching opensshd to do just this. so you could create a rule in the config for an allowed user and say a 'without-password' option such as there is allowed for root. Any ideas? :) Thanks, --=20 ::::::::::::=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D------------= --------- :|Robert Andrews :|Cyberpunk Alliance http://www.cyberpunkz.org :|Minneapolis, MN Email: rob@cyberpunkz.org Office: 763-535-6392 :::::::::::::::::::::::::::=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D------------------------- --7AUc2qLy4jB3hD7Z Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8GNVvAXwJ9YLqJJURAgd0AJ9cGibreJHVlh3y/LTnufhhmaElpQCeNvIS L6x5MbemIgngkuWp26OGgKA= =weup -----END PGP SIGNATURE----- --7AUc2qLy4jB3hD7Z-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011213102109.A18375>