nader napisal(a):
>
> i want to restrict ssh access to an ipfiltered host
> in a fixed IP network.
> But i want to ssh to this host from home (DHCP).
> I thought about allowing ssh access from a host with
> my MAC address. Is it possible to do with ipfilter?
> Does anyone hast another idea?
It's not possible to filter by MAC address, since MAC addresses aren't
transfered outside the local network. If you are connecting from a remote
site, the only thing you know is an IP and domain address.
Probably you can get a fixed domain address by using dynDNS services like
www.no-ip.com, but I don't know if it is possible for ipfilter to filter by
domain address and not by IP address. However, you can filter by domain
address in the ssh daemon itself (/etc/ssh/sshd_config file), at least in
OpenSSH.
Other possibility: since you are connecting from home, your IP address is
likely to change within a relatively small range, assigned by your ISP to
it's customer lines. Isn't it acceptable for you to allow connections from
that entire range?
Regards,
Jaroslaw Rafa
raj@ap.krakow.pl
--
Spam, wirusy, spyware... masz dość? Jest alternatywa!
http://www.firefox.pl/ --- http://www.thunderbird.pl/
Szybciej. Łatwiej. Bezpieczniej. Internet tak jak lubisz.
|