Timeline for Is it possible to have 2 ports open on SSH with 2 different authentication schemes?
Current License: CC BY-SA 4.0
6 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Dec 26, 2022 at 18:02 | comment | added | etosan |
If possible, always prefer locally knowable knowledge (i.e. one that does not not need remote resolution) against remotely obtained knowledge (i.e. DNS query). Unfortunately gethostname() and getnameinfo() (unless with NI_NAMEREQD) can always return numeric hostname (i.e. IP) if DNS does not resolve - which I believe is an erroneous design. Case in point, example in answer above. When you use Match Address the sshd will use getaddrinfo() instead, by which client address is lifted directly from peer of the socket and thus cannot be spoofed. So Match Address is substantially "safer".
|
|
| Jun 11, 2020 at 14:16 | history | edited | CommunityBot |
Commonmark migration
|
|
| Oct 8, 2019 at 14:25 | history | edited | fchurca | CC BY-SA 4.0 |
added 135 characters in body
|
| Oct 8, 2019 at 9:55 | comment | added | shawty | Noted thanks. What I've actually done internally is 1.2.3.4 and set it to the specific I.P address assigned to that specific server. I added it in my answer above just for illustration that it could be done more than anything. In hindsight I may actually change it. | |
| Oct 8, 2019 at 9:49 | comment | added | marcelm |
I haven't tested this, but reading the documentation suggests that this could be done better by using Match Address 1.2.0.0/16.
|
|
| Oct 8, 2019 at 4:29 | history | answered | fchurca | CC BY-SA 4.0 |