1

I have some Ubuntu cloud servers running that have iptables rules applied on them to allow only a few IP addresses to connect via SSH. I know how to generate an SSH key for connecting to a server with/without a passphrase. My manager is asking if there is some sort of certification login which allows connecting to the cloud computers and which doesn't require changing the iptables rules every time. Does anyone know how to do this with SSH or with something? Please let me know...

htorque
  • 66,086
user3215
  • 5,475

1 Answer

4

You could disable password-based login on the SSH server and remove the iptables rules. Nobody will then be able to brute-force a password login because it's disabled, but trusted users with their key pairs would be able to log in from everywhere.

To limit the usage of the keys, you can specify which hosts they can be used from with the from parameter in front of the key in authorized_keys, for instance:

from="255.255.255.255" ssh-rsa ASDFqwerty[...]
Egil
  • 14,522
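An added example, not part of the answer above: a small audit that parses authorized_keys lines, reports which keys carry no from= restriction, and evaluates each from= pattern list against a client IP. The sample file, key blobs and addresses are constructed; the matcher covers IP patterns only (wildcards, CIDR, ! negation), does no DNS lookups, and does not handle backslash-escaped quotes.

```python
import ipaddress
from fnmatch import fnmatchcase

KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # public key type names start with these

def parse_line(line):
    """Split one authorized_keys line into ({option: value}, key text)."""
    line = line.strip()
    if line.startswith(KEY_PREFIXES):
        return {}, line                      # no options in front of the key
    opts, buf, quoted, key = [], "", False, ""
    for i, ch in enumerate(line):
        if ch == '"':
            quoted = not quoted              # commas/spaces inside quotes are data
        elif ch == "," and not quoted:
            opts.append(buf)
            buf = ""
        elif ch.isspace() and not quoted:
            key = line[i:].strip()           # first unquoted space ends the options
            break
        else:
            buf += ch
    opts.append(buf)
    return {n.lower(): v for n, _, v in (o.partition("=") for o in opts)}, key

def from_allows(pattern_list, ip):
    """True if the from= pattern list admits this client IP."""
    addr, allowed = ipaddress.ip_address(ip), False
    for pat in pattern_list.split(","):
        negated, pat = pat.startswith("!"), pat.lstrip("!")
        if "/" in pat:                       # CIDR address/masklen form
            hit = addr in ipaddress.ip_network(pat, strict=False)
        else:                                # literal address or * / ? wildcard
            hit = fnmatchcase(ip, pat)
        if hit and negated:
            return False                     # a negated match always rejects
        allowed = allowed or hit
    return allowed

def audit(text, client_ip):
    """Return [(key comment, verdict)] for every key line in the file text."""
    report = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        opts, key = parse_line(line)
        verdict = "unrestricted" if "from" not in opts else (
            "allowed" if from_allows(opts["from"], client_ip) else "denied")
        report.append((key.split()[-1], verdict))
    return report

SAMPLE = '''# constructed sample file, placeholder key blobs
from="203.0.113.7" ssh-rsa AAAA_CONSTRUCTED_1 alice@laptop
from="198.51.100.0/24,!198.51.100.66",no-agent-forwarding ssh-ed25519 AAAA_CONSTRUCTED_2 bob@office
ssh-ed25519 AAAA_CONSTRUCTED_3 carol@anywhere
'''
```

Keys reported as "unrestricted" are usable from any address once the iptables rules are removed, so those are the lines to review first.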