[TriLUG] how do I limit log on off Id to thre IP address

Brian A. Henning lugmail at cheetah.dynip.com
Wed Feb 11 00:56:12 EST 2004


There may be a much better way to do this (I have been known to come up with
arcane--but effective--ways of doing things), but one idea is to edit
/etc/bashrc (or the appropriate global rc file for whatever shell you choose
for your users) and add a script that checks the username (using the output
of a command such as whoami), then checks the IP currently being used by
that user (this can be gleaned from the sshd log, if not from a more direct
source?) against a list (maintained in a db just for fun) and immediately
logs said user off if the IP doesn't match.

I wouldn't be surprised if this idea would also prove to be easily defeated.
I'm no expert, just an idea guy.

The suggestion that just came through as I was typing this about using certs
is a much better suggestion, but I wanted to air my Rube Goldberg concept.
:-)

Cheers,
~Brian




More information about the TriLUG mailing list