Hans van Leeuwen <[EMAIL PROTECTED]> wrote: > Hello, > > My company has created an application that allows remote users to edit > their DNS-records. This app needs to restart bind on the remote nameservers.
This is a poor way to do dynamic DNS. > I have decided to do this thrue SSH by putting the client key in > authorized_keys2. But this seems a little risky, so I was wondering if > it was possible to get sshd to only allow the client MAC-address. I think you're probably trying to solve the wrong problem here, but you can add a "command=/usr/bin/dowhatever" directive to the line for your key in authorized_keys, and when that key is used to log in, that's the command that gets run. This will reduce your risk somewhat. -- Sam "Eddie" Couter | mailto:[EMAIL PROTECTED] Debian Developer | mailto:[EMAIL PROTECTED] | jabber:[EMAIL PROTECTED] OpenPGP fingerprint: A46B 9BB5 3148 7BEA 1F05 5BD5 8530 03AE DE89 C75C
pgpI77mhHxbkp.pgp
Description: PGP signature