Restrict SSH access by machine

I'm trying to set up a server that will be logged into by people paying for a service I offer, but I want to make sure that only those people who I want can access it. I obviously can't simply give each one a different user account because they could simply share开发者_如何转开发 credentials with other people. Is it possible to restrict SSH access by MAC address or RSA Key or something like that? By IP doesn't work either because multiple people can sit behind a single router.

Yes, you could use a RSA key, using RSA's PAM modules. http://www.rsa.com/node.aspx?id=1177

No, there's no real effective way to tell programmatically who's sitting at the keyboard (which is effectively what you're after). Without more details on what the service is, it's hard for me to offer exact suggestions, but one good bet might be to design the service such that it's less useful on a shared account.