[Freeipa-users] SSH access to only specific hosts using ssh keys

Jakub Hrozek jhrozek at redhat.com
Mon Apr 10 06:17:06 UTC 2017


On Mon, Apr 10, 2017 at 12:04:58AM -0400, Tym Rehm wrote:
> Hey all, New user here.
> 
> I have a user "user1" that I want to allow a couple of different users
> "userX and userY" to be allowed to ssh into "server1" and "server2", but
> not both servers using ssh-keys.
> 
> So as an example. UserX will ssh user1@server2 with ssh-key, but I don't
> want userY to be able to successfully run the same command.
> 
> I currently have userX and userY's public ssh-key attached to user1 and I
> have created a HBAC rule to allow user1 to connect with ssh on both server1
> and server2. This is allowing user1 to connect to both servers fine,
> without a password. It also is allowing users (X & Y) to ssh user1@server1
> and user1@server2.
> 
> How can I stop that to restrict userX to be able to ssh as user1 on server1,
> but not server2?
> 
> Do I need to do something with the keytabs or add the ssh-keys for userX to
> the server1 host only?

I'm honestly not sure if I understand the problem well, but would it be
helpful to add SSH keys to an ID view that is attached to one of the
servers only?



