Re: MAC-based ssh

To: debian-security@lists.debian.org
Subject: Re: MAC-based ssh
From: Phillip Hofmeister <plhofmei@ip3inc.com>
Date: Fri, 2 May 2003 11:49:53 -0400
Message-id: <20030502154953.GA2472@ip3inc.com>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <3EB247BC.6080600@hanz.nl>
References: <3EB247BC.6080600@hanz.nl>

On Fri, 02 May 2003 at 12:26:04PM +0200, Hans van Leeuwen wrote:
> I have decided to do this thrue SSH by putting the client key in 
> authorized_keys2. But this seems a little risky, so I was wondering if 
> it was possible to get sshd to only allow the client MAC-address.

SSHD cannot do what you are asking it to do, in fact I don't think there
are many TCP/IP Applications that can.  The MAC address is WELL below
the layer 5,6,7 that most internet applications reside in.

Many applications can pick up layer 3 and 4 data (IP Address and port)
but the layer 2 information (MAC) is usually only a concern for the O/S
Kernel.

Some of the other options discussed in this thread might be a better
solution.

-- 
Phillip Hofmeister
Network Administrator/Systems Engineer
IP3 Inc.
http://www.ip3security.com

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
--
Excuse #163: RPC_PMAP_FAILURE

Reply to:

Follow-Ups:
- Re: MAC-based ssh
  - From: Peter Ondraska <ondraska@dcs.fmph.uniba.sk>

References:
- MAC-based ssh
  - From: Hans van Leeuwen <email@hanz.nl>

Prev by Date: Re: [despammed] Re: Secure remote syslogging?
Next by Date: Re: MAC-based ssh
Previous by thread: Re: MAC-based ssh
Next by thread: Re: MAC-based ssh
Index(es):
- Date
- Thread