openssh-unix-dev October 2011 archive

Handling connection depending on the client computer public key fingerprint

From: Mike Spinzer <mspinzer_at_nospam>
Date: Fri Oct 21 2011 - 20:40:30 GMT
To: "openssh-unix-dev@mindrot.org" <openssh-unix-dev@mindrot.org>

Hello,

I am trying to find a way to handle SSH connections differently depending on whether they come from a 'trusted' computer or from an unknown computer (for instance, giving access to a shell versus allowing only scp/sftp in a chrooted environment).
Using the IP address is not a solution since a trusted computer can be a laptop that is connected somewhere on the Internet.
One solution could be to use the client public key fingerprint; the server would then keep a white list of public key fingerprints that represent the trusted computers.

However I can't find a way to implement this.
I tried with the Match directive, but this one doesn't take such a parameter.
I also tried with a ForceCommand, but found no way to configure sshd to transmit the public key fingerprint to the script.

Is there any way to do that?

Thanks a lot for your help,

Mike S.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
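
The fingerprint white list proposed in the message above, sketched as an added example (not part of the original post and not OpenSSH code). It assumes the client's public key line is already available to the checking code; the function names, policy labels and sample keys are hypothetical and constructed.

```python
import base64
import hashlib
import struct

def build_pubkey_line(key_type, raw_key, comment):
    """Build an OpenSSH-format public key line from constructed sample bytes."""
    def ssh_string(b):
        return struct.pack(">I", len(b)) + b  # 4-byte big-endian length prefix
    blob = ssh_string(key_type.encode()) + ssh_string(raw_key)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"

def sha256_fingerprint(pubkey_line):
    """Return the SHA256 fingerprint of a 'type base64 [comment]' key line.

    Older OpenSSH releases print an MD5 hex digest of the same blob instead.
    """
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("not a public key line")
    key_type, b64 = fields[0], fields[1]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob starts with a length-prefixed copy of the key type; reject
    # lines where the textual type and the encoded type disagree.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def access_policy(pubkey_line, trusted_fingerprints):
    """Map a client key to a hypothetical policy label."""
    try:
        fp = sha256_fingerprint(pubkey_line)
    except ValueError:  # also covers malformed base64
        return "deny"
    return "shell" if fp in trusted_fingerprints else "sftp-chroot"

# Constructed sample keys (random-looking bytes, not real key material).
LAPTOP_KEY = build_pubkey_line("ssh-ed25519", bytes(range(32)), "mike@laptop")
UNKNOWN_KEY = build_pubkey_line("ssh-ed25519", bytes(range(32, 64)), "mike@kiosk")
TRUSTED = {sha256_fingerprint(LAPTOP_KEY)}

if __name__ == "__main__":
    for line in (LAPTOP_KEY, UNKNOWN_KEY, "not-a-key"):
        print(access_policy(line, TRUSTED), line[:40])
```

A key fingerprint identifies the key, not the machine holding it, so a private key copied to another computer carries the same trust with it.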