openssh unix dev - Oct 2011 - Restricting users using one port

I have ssh running on port 22 and (say) port 33333. Port 22 is restricted at
layer 3 so not much can get to it. Port 33333 is open to the world.

I only want to allow one user to authenticated using port 33333, but
all users to authenticate using port 22.

Is there any way to do this without running 2 sshd processes?

-- 
Alex Bligh

On Sun, 9 Oct 2011, Alex Bligh wrote:
> I have ssh running on port 22 and (say) port 33333. Port 22 is restricted
at
> layer 3 so not much can get to it. Port 33333 is open to the world.
> 
> I only want to allow one user to authenticated using port 33333, but
> all users to authenticate using port 22.
> 
> Is there any way to do this without running 2 sshd processes?
At the moment, no. It might be possible to add more Match options to
select using the local connection address and port. E.g.

Match user djm laddr 172.16.0.1 lport 33333
	PasswordAuthentication yes
	PubkeyAuthentication yes
	ChallengeResponseAuthentication yes
Match laddr 172.16.0.1 lport 33333
	PasswordAuthentication no
	PubkeyAuthentication no
	ChallengeResponseAuthentication no

Darren wrote most of the Match code - what do you think, Darren?

-d