Nagle, Edwin (James) [edwin.na...@austinenergy.com] wrote:
> Good morning,
>
> My problem is, I am separating users based on interface IP and radius, and
> therefore need to force their outbound SSH sessions to bind to the IP address
> of the interface they came in on (or at least a different IP) so I can create
> firewall rules to restrict outbound access. However, all outbound SSH
> sessions are sourced through the default (bnx0) interface and therefore
> hamper my ability to effectively firewall the outbound SSH requests since the
> user could be in one of three firewall groups. I may be just thinking too
> hard about this but it seems to me there should be (and likely is) a simple
> way to bind the outgoing connection from the source address.
>
> Any ideas, or should I just create three virtual machines and be done with it?
>
> Again, thanks in advance for any guidance!
>

If each user ID is correlated with a separate IP, you could run different sshds, each of which only allows certain users to log in, and then use pf to restrict each user in certain ways.
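
The setup suggested in the reply above, written out as an added example that is not part of the original thread: one sshd per inbound address with its own user allow-list, plus pf rules keyed on the owning user of the outbound socket. The addresses, user names, config file names and destination tables are constructed placeholders; bnx0 is the interface named in the question.

```conf
# --- /etc/ssh/sshd_config.groupA (hypothetical file name) ---
# Start with: sshd -f /etc/ssh/sshd_config.groupA
# 192.0.2.11 is a placeholder for the first inbound interface address.
ListenAddress 192.0.2.11
AllowUsers alice bob
PidFile /var/run/sshd.groupA.pid

# --- /etc/ssh/sshd_config.groupB (hypothetical file name) ---
# Start with: sshd -f /etc/ssh/sshd_config.groupB
ListenAddress 192.0.2.12
AllowUsers carol
PidFile /var/run/sshd.groupB.pid

# --- /etc/pf.conf ---
# Destinations each firewall group may reach over SSH (placeholder networks).
table <group_a_dst> const { 198.51.100.0/24 }
table <group_b_dst> const { 203.0.113.0/24 }

# Default: no outbound SSH from this host. This also covers root and
# daemons, so add explicit pass rules for anything else that needs it.
block out log on bnx0 proto tcp from any to any port 22

# pf matches "user" against the owner of the local socket, so these rules
# apply per login account even though every outbound session leaves with
# the same source address on bnx0. Last matching rule wins.
pass out on bnx0 proto tcp from any to <group_a_dst> port 22 user { alice, bob }
pass out on bnx0 proto tcp from any to <group_b_dst> port 22 user carol
```

Check the ruleset with `pfctl -nf /etc/pf.conf` before loading it, and confirm each account can only log in through its own listener.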