Restrict access to Ubuntu server by computer specific information (NOT by IP, preferably not MAC either)?

1

How would one go about restricting access to a Linux (Ubuntu) server such that only a selected group of computers could connect -- from anywhere?

Something like CPU serial number, hard drive serial number, RAM serial number, etc., and the server would drop all incoming connections coming from machines that didn't have that group of serial numbers that either matched a white list, or hashed to some specific value.

Filtering by IP address is out of the question (limits where you can go and still connect), and because MAC addresses can be spoofed, those aren't ideal either.

I searched through some iptables stuff, but it seems (from what I found) that you can only filter by IP or MAC.

Getting the information from the machines isn't the issue -- I'm just not sure what to use on the server side to prevent unauthorized connections.

Any ideas would be greatly appreciated.

Thanks,

Andrew

The AI Architect

Posted 2013-09-05T02:57:42.273

Reputation: 113

Answers

1

iptables by itself won't do what you want.

You will have to use a VPN connection with certificates. You may use 1 certificate on all or a different one on each.

Block all standard traffic thus only allowing VPN traffic.

Each machine will have to VPN into the server. You may need to set up a whole certificate management server if you need to do advanced certificate options.

A public key and private key system will make it even harder to forge.

cybernard

Posted 2013-09-05T02:57:42.273

Reputation: 11 200

Goodness gracious. I feel like such an idiot. Of course. Thank you very much for pointing that out. I'd up-vote the answer, but I need 15 reputation to do that. – The AI Architect – 2013-09-05T03:27:33.403

@andrewm921 You're welcome. Now setting it up, that is the HARD part. – cybernard – 2013-09-05T03:29:12.933
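
The firewall half of the answer above ("block all standard traffic, allow only VPN traffic"), as an added example that is not part of the original thread: a POSIX shell function that emits an `iptables-restore` ruleset with a default-drop INPUT policy. The `udp/1194` listener and the `tun0` tunnel interface are assumptions (typical of an OpenVPN-style setup, which the answer does not name), and `vpn_only_ruleset` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: default-drop firewall where the only port exposed to the
# internet is the VPN listener; every other service (SSH included) is
# reachable only through the tunnel, i.e. only by machines holding a
# valid client certificate.
# Assumed values: udp/1194 listener, tun0 tunnel interface.

vpn_only_ruleset() {
    proto=$1 port=$2 tun_if=${3:-tun0}

    case $proto in
        udp|tcp) ;;
        *) echo "proto must be udp or tcp" >&2; return 1 ;;
    esac
    case $port in
        # empty, non-digit characters, or more than 5 digits
        ''|*[!0-9]*|??????*) echo "port must be 1-65535" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port must be 1-65535" >&2; return 1
    fi
    case $tun_if in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface name" >&2; return 1 ;;
    esac

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p $proto --dport $port -j ACCEPT
-A INPUT -i $tun_if -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for review. As root, check it with
#   vpn_only_ruleset udp 1194 tun0 | iptables-restore --test
# and load it by dropping --test. Do this from a console or over the VPN:
# a plain SSH session on the public interface is cut off by these rules.
vpn_only_ruleset udp 1194 tun0
```

With one certificate per machine rather than a shared one, a lost or retired laptop can be locked out by revoking its certificate alone, without touching these rules.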