authentication with hardware device identification??

David Southwell david at
Fri Jan 15 14:36:04 UTC 2010


I want to be able to permit ssh access to servers over the internet in a way 
that limits that access to specific hardware (i.e. laptops with known hardware 
configurations and devices). So I am looking for some additional layer of 
security on top of the normal private key & certificate system in a way that 
would enable me to configure a pf rule that would, as an addition to other 
rules, only pass external connections  to ssh port from external systems 
having the correct hardware/device specifications. 

One way of doing this might be to filter looking for a packet containing the 
required information in encrypted form. If the data is valid then the 
originating IP address might (for example) be added for a limited time to a 
pass  rule which would then enable the system to connect to the ssh port to 

Is this achievable?


More information about the freebsd-ports mailing list