|Main Archive Page > Month Archives > openssh-unix-dev archives|
I try to find a way to handle SSH connections differently depending if it comes from a 'trusted" computer or from an unknown computer (for instance giving access to a shell versus allowing only scp/sftp in a chrooted environment).
Using the IP address is not a solution since a trusted computer can be a laptop that is connected somewhere on Internet.
One solution could be to use the client public key fingerprint; the server would then keep a white list of public key fingerprints that represent the trusted computers.
However I can't find a way to implement this.
I tried with the Match directive, but this one doesn't take such parameter
I tried too with a ForceCommand, but fount no way to configure sshd to transmit the public key fingerprint to the script.
Is there any way to do that?
Thanks a lot for your help,
openssh-unix-dev mailing list