Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

hint to restrict authorized_keys to known DNS Names and IPv4/IPv6 adresses #5

Open
fsteinel opened this issue Jan 7, 2015 · 1 comment
Open

hint to restrict authorized_keys to known DNS Names and IPv4/IPv6 adresses #5

fsteinel opened this issue Jan 7, 2015 · 1 comment

Comments

@fsteinel
Copy link

fsteinel commented Jan 7, 2015

while hardening my authorized_keys to known DNS Names and IPv4/IPv6 addresses, i found a hwoto on University of Cambridge - Computer Laboratory: Using SSH to connect to the Lab .
It is also possible to disable ssh functions per public key like "no-X11-forwarding"
Example:

from="localhost.localnet,localhost.localdomain,*.dialup.example.com,203.0.113.0/24,2001:DB8::/32",no-X11-forwarding ssh-rsa AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== [email protected]

(example uses IPv4 TESTNET-3 from RFC5737 and IPv6 from RFC3849 with a comment)
@stribika
Copy link
Owner

stribika commented Jan 7, 2015

If you have an SSH hidden service then you will see everyone connecting from localhost. Restricting features for keys is still useful, thanks.

@stribika-rdonly stribika-rdonly mentioned this issue Jan 9, 2015
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fsteinel @stribika