[clug] SSH + PAM

Robert Edwards bob at cs.anu.edu.au
Wed Jan 2 05:56:44 GMT 2008


Happy New Year to all!

Back on my old hobby horse of wanting to make SSH do stuff that it
just ain't set up to do (yet) - now I want to be able to authenticate
differently depending upon which interface an incoming SSH request is
coming from.

My SSH login server has two interfaces, one out to the BIG, BAD
Internet and the other to my quiet, peaceful little internal network.

Both authentication schemes rely on/require PAM (pam-ldap and pam-opie).

Anyone know enough about either PAM or SSH to help me work out how to
do this?

Option 1: two instances of SSH with different config files, one
listening on the internal interface/IP address and the other on the
other. But both need "UsePAM", so how do I tell PAM which SSH is which?

Option 2: get PAM to behave differently depending upon the REMOTE_HOST
environment - but how do you do that?

Option 3: don't use PAM for one of the authentication methods (eg. use
PublicKey instead), but that just ain't so practical for this situation.

Any help, tips, random ideas would be much appreciated.

Cheers,

Bob Edwards.

