
We're implementing RHEL 6.3 and looking to use the dual authentication mechanism provided by

RequiredAuthentications2 publickey,password

referenced here.

What I'm wondering is if it's possible to only apply this to connections from a certain subnet e.g. coming in externally via firewall and just use password for other (internal) connections?

I'd like to configure two virtual machines for this remote access (gateways), but would like it if a user connects and logs into one of these machines that they could then scp (for example) to the other machine, across the internal network, without requiring another private key.

If sshd could choose the authentication mechanism based on where the user was connecting from, that would be ideal.

Dazed

1 Answer


The RequiredAuthentications2 directive can be used inside a Match block, so you can use something like this:

Match Address *,!192.168.0.0/16
    RequiredAuthentications2 publickey,password
mgorven
  • Thanks, that looks like the very thing - and I see it in the manual now!! +1 (if I'm allowed) – Dazed Mar 15 '13 at 08:41
  • I found that I couldn't get this to work on my RHEL 6.3 setup. All routes required a key authentication as well. Looks like there's a bug in OpenSSH [link](https://bugzilla.redhat.com/show_bug.cgi?id=869903), which is fixed in openssh-5.3p1-84.1.el6 – Dazed Mar 21 '13 at 11:20
  • And works in openssh-5.3p1-84.1.el6! Thanks again for the pointer – Dazed Mar 21 '13 at 21:00
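
To see which clients the Match Address pattern-list in the answer above selects, here is an added example (not from the original thread, and not OpenSSH code) that models the pattern-list rules in Python: a negated entry that matches always wins, and a negated entry alone never produces a match, which is why the list starts with `*`. The function names, the sample client addresses and the password-only fallback for unmatched clients are assumptions.

```python
import ipaddress
from fnmatch import fnmatchcase

MATCH_ADDRESS = "*,!192.168.0.0/16"  # pattern-list from the answer


def addr_match_list(addr, pattern_list):
    """Simplified model of sshd's Match Address evaluation.

    Returns 1 on a positive match, -1 if a negated entry matched,
    and 0 if nothing matched. Only 1 activates the Match block.
    """
    ip = ipaddress.ip_address(addr)
    result = 0
    for entry in pattern_list.split(","):
        entry = entry.strip()
        negated = entry.startswith("!")
        pattern = entry[1:] if negated else entry
        try:
            net = ipaddress.ip_network(pattern)
            hit = ip.version == net.version and ip in net
        except ValueError:
            # Not an address or CIDR block: treat it as a wildcard pattern.
            hit = fnmatchcase(addr, pattern)
        if hit and negated:
            return -1  # a negated match overrides any positive match
        if hit:
            result = 1
    return result


def required_methods(addr):
    """Authentication methods a client at addr would have to pass."""
    if addr_match_list(addr, MATCH_ADDRESS) == 1:
        return ["publickey", "password"]
    # Assumption: the global section of sshd_config allows password logins.
    return ["password"]


# Constructed sample clients: external, internal, a private range that the
# exclusion does not cover, and an IPv6 client.
SAMPLE_CLIENTS = ["203.0.113.10", "192.168.5.20", "10.1.2.3", "2001:db8::1"]

if __name__ == "__main__":
    for client in SAMPLE_CLIENTS:
        print(f"{client:15} -> {','.join(required_methods(client))}")
```

Only 192.168.0.0/16 is exempted, so an internal network numbered in 10.0.0.0/8 or reached over IPv6 still gets the two-method requirement unless its range is added as a further negated entry.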