Binding IP to login/password


Post by Haxo » Sun, 03 Dec 2000 04:00:00



Hello,

I have a simple question, and in spite of subscribing to various Linux-related
mailing lists I have never seen this one:
How do you bind a login/password to a certain IP?
The common way of allowing and denying access is the /etc/hosts.allow and
/etc/hosts.deny files, but
assume a user 'lends' his login/password to his buddy, who also has an
account on the same Linux machine.
That means both are allowed users with authorized IPs in /etc/hosts.allow,
but what if I want to prevent such misuse?

Another question is if there is a way to gain root access *only* from
specific hosts, which I hopefully define somewhere in /

Regards,
/Haxor

 
 
 


Post by Jame » Sun, 03 Dec 2000 04:00:00



> Another question is if there is a way to gain root access *only* from
> specific hosts, which I hopefully define somewhere in /

    You might consider dropping telnet and using SSH instead.

    www.openssh.com

    I'm not sure if there is a way to limit by IP address .. but you can
sure as heck use public / private key systems to set up strict login
policies.

PS:    You can't log in directly as root from telnet anyways (based on the
default installation).

-James

 
 
 


Post by Haxo » Mon, 04 Dec 2000 10:05:54


As a matter of fact I have never in my life used telnet, only ssh, both 1
and 2 ;)
Yes, I know you can't log in directly as root using unsecure protocols, such
as ftp and telnet.
Even when I'm using ssh I always log in as a user and then gain root by giving
the 'su' command.

OK, so you are telling me there is a way in /etc/ssh/sshd_config to limit
certain logins from certain IPs?




> > Another question is if there is a way to gain root access *only* from
> > specific hosts, which I hopefully define somewhere in /

>     You might consider dropping telnet and using SSH instead.

>     www.openssh.com

>     I'm not sure if there is a way to limit by IP address .. but you can
> sure as heck use public / private key systems to set up strict login
> policies.

> PS:    You cant login directly as root from telnet anyways (based on the
> default installation).

> -James

 
 
 


Post by Non » Mon, 04 Dec 2000 14:36:44




> as a matter of fact i have never in my life used telnet, only ssh, both 1
> and 2 ;)
> yes, i know you can't login directly as root using unsecure protocols, such
> as ftp and telnet.
> even when i'm using ssh i always login as user and then gain root by giving
> the 'su' command.

> ok, so you are telling me there is a way in /etc/ssh/sshd_config to limit
> certain logins from certain ip's?





>> > Another question is if there is a way to gain root access *only* from
>> > specific hosts, which I hopefully define somewhere in /

>>     You might consider dropping telnet and using SSH instead.

>>     www.openssh.com

>>     I'm not sure if there is a way to limit by IP address .. but you can
>> sure as heck use public / private key systems to set up strict login
>> policies.

>> PS:    You cant login directly as root from telnet anyways (based on the
>> default installation).

>> -James

Isn't there a system login script that executes as each user logs in?
Couldn't you check the username vs IP in that script and log them out
if they weren't 'ok'?

As for root access, why don't you set up an extra SSH server on a separate port
and then use IPCHAINS to limit access to the hosts you desire...
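
The login-script check suggested in the last post, as an added example that is not part of the original thread: a POSIX shell function meant to be called from a system-wide login script. The policy file format and the path /etc/login-ip.policy are assumptions of this example; it handles IPv4 only, and users without a policy entry are left unrestricted.

```shell
#!/bin/sh
# Policy format (assumed): one "user pattern [pattern ...]" entry per line.
# A pattern is an IPv4 address or a shell glob such as 198.51.100.*

# ip_allowed USER IP POLICY_FILE -> exit status 0 = allow, 1 = deny
ip_allowed() {
    user=$1 ip=$2 policy=$3
    # Fail closed on anything that is not digits and dots (IPv4 only)
    case $ip in
        ''|*[!0-9.]*) return 1 ;;
    esac
    listed=no
    while read -r name patterns; do
        case $name in ''|'#'*) continue ;; esac      # skip blanks and comments
        [ "$name" = "$user" ] || continue
        listed=yes
        set -f                      # no filename expansion while splitting
        for pat in $patterns; do
            case $ip in
                $pat) set +f; return 0 ;;            # glob match on the address
            esac
        done
        set +f
    done < "$policy"
    # Listed user with no matching pattern: deny. Unlisted user: allow.
    [ "$listed" = no ]
}

# Assumed wiring in /etc/profile; sshd sets SSH_CONNECTION="cip cport sip sport":
#   src=${SSH_CONNECTION%% *}
#   if [ -n "$src" ] && ! ip_allowed "$LOGNAME" "$src" /etc/login-ip.policy; then
#       logger -p auth.warning "login-ip: $LOGNAME denied from $src"
#       exit 1
#   fi

# Demo on a constructed policy (addresses are from documentation ranges)
demo_policy=$(mktemp)
printf '%s\n' 'alice 192.0.2.10 198.51.100.*' 'bob 203.0.113.7' > "$demo_policy"
for pair in alice:198.51.100.23 alice:203.0.113.7 carol:192.0.2.99; do
    if ip_allowed "${pair%%:*}" "${pair#*:}" "$demo_policy"; then
        echo "$pair allow"
    else
        echo "$pair deny"
    fi
done
rm -f "$demo_policy"
```

A check in a login script only runs for interactive login shells, so `ssh host command`, scp and sftp never reach it. OpenSSH's `AllowUsers user@host` patterns in sshd_config apply the same per-user restriction before any shell starts.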

 
 
 
