Question restricting ssh access for some users only
From: Jim Hatfield (subscriber_at_insignia.com)
Date: 10/07/04
- Previous message: Jacques A. Vidrine: "Re: FreeBSD Security Advisory FreeBSD-SA-04:15.syscons"
- Next in thread: Volker Kindermann: "Re: Question restricting ssh access for some users only"
- Reply: Volker Kindermann: "Re: Question restricting ssh access for some users only"
- Reply: Kevin: "Re: Question restricting ssh access for some users only"
- Maybe reply: Jim Hatfield: "Re: Question restricting ssh access for some users only"
- Maybe reply: Jim Hatfield: "Re: Question restricting ssh access for some users only"
- Maybe reply: Jeremie Le Hen: "Re: Question restricting ssh access for some users only"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: freebsd-security@freebsd.org Date: Thu, 07 Oct 2004 18:29:35 +0100
I've used ssh as a secure telnet up to now but done little else with
it. The FreeBSD machines I look after on our internet-facing network
all have one account which I connect to for administration. I've set
up /etc/hosts.allow on all the machines to only allow ssh from a
limited internal network range.
Now I want to create a new account on one machine which will be
accessible from the Internet as a whole, to be used for tunnelling of
SMTP and POP3. I can't predict what the client IP address will be so I
will have to remove the hosts.allow restriction. Is there any way I
can:
- still prevent connections to my admin user from anywhere except a
restricted set of addresses
- disallow shell access for the new account but still allow tunnelling
I think I can solve the first problem by using a new login class and
an entry in login.conf, but there may be better ways.
I think I can solve the second by giving the new user a shell of
/bin/cat (putting that in /etc/shells) but again there may be a neater
way.
jim
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: Jacques A. Vidrine: "Re: FreeBSD Security Advisory FreeBSD-SA-04:15.syscons"
- Next in thread: Volker Kindermann: "Re: Question restricting ssh access for some users only"
- Reply: Volker Kindermann: "Re: Question restricting ssh access for some users only"
- Reply: Kevin: "Re: Question restricting ssh access for some users only"
- Maybe reply: Jim Hatfield: "Re: Question restricting ssh access for some users only"
- Maybe reply: Jim Hatfield: "Re: Question restricting ssh access for some users only"
- Maybe reply: Jeremie Le Hen: "Re: Question restricting ssh access for some users only"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
