Hello,

for some tasks at work I am wondering how to solve them the best way 
possible. The tasks at hand are automatic logins from some machines to 
others, just for the purpose of securely transferring, e.g. uploading
data files.

I always limit these kinds of logins with the "from=" keyword (and 
others) in the authorized_keys file on the destination account.

Now, with the internal-sftp server and the ChrootDirectory directive it 
is painless to always chroot such logins - well, almost.

In /etc/ssh/sshd_config I configure it like this:

Match User foo Address bar
  ChrootDirectory %h/chroot

This creates a problem if there will be multiple logins to account "foo" 
from the machine "bar", as there is no way to tell them apart, i.e. if 
a given login is to be chrooted or not.

Are there plans for something like this:

Match User foo Address bar KeyFingerprint 234711abcdef...
  ChrootDirectory %h/chroot

This would ease planning and deploying use of the ChrootDirectory a lot, 
as I wouldn't have to worry about what to do if there are requests to 
login to the same account from the same client.

How would one solve this without an additional IP address on the client?


Regards
Thomas
