Hi everyone, been lurking for a while, but we recently upgraded our authentication server to ISE. What we're trying to do is add a policy that will ONLY allow a service-account authentication if you're SSH-ing from a specific IP.
For example, we want user A, using service-account on computer A, to log in to router Z, but we don't want to allow user B, using service-account on computer B (or any other computer), to log in to router Z. User B can authenticate with their own ID, however, just not the service account.
Is this possible? So far, we tried looking at the RADIUS protocol and did a packet capture, and we didn't see any field that might support what we're trying to do. Any suggestions?