I have a ubuntu server which I scp files to often. It is setup for password-less authentication using a key I have on the server. Is it possible to tie a mac address to the key so that only my client can login with it?
Asked
Active
Viewed 4,978 times
0
-
2Why would you want to do that? If you have set it up for password-less authentication, only your private key can log in. That is much better than a MAC address. – Oliver Jun 20 '12 at 14:21
-
Also, MAC address restriction can be done only in iptables (restrict mac addresses that can connect to the ssh port (22 by default)), so you cannot tie it to a user name/key – addam Jun 20 '12 at 14:28
2 Answers
2
No.
SSH keys are a public/private key authentication pair. They know nothing of networks1.
Further, the SSH server has no clue what the MAC address of a client is. Its knowledge of the network ends at TCP/IP. There is no reason it would need the MAC address of its clients, and it wouldn't be available for all clients anyway (think about hosts that are not on the local subnet).
1Exception: Host keys are usually associated with the IP address or hostname of the host they belong to, via the known_hosts file -- This association isn't strictly necessary for SSH to function, it's just added security to make sure you're connecting to the machine you think you're connecting to.
voretaq7
- 79,879
- 17
- 130
- 214
0
Short answer yes, but only through IPTables. This is definitely not what you're looking for as it's has nothing to do with your key, only firewall filtering.
Here's a page on using ssh keys with Ubuntu. It's very easy to do once you have done it once.
- Create Key on client
- Copy public key to server
- Login with private key from client
After that, you simply keep your private key secret (unique to that client)
ZnArK
- 629
- 4
- 11