Re: Tunnel-only SSH keys
From: Brian Reichert (reichert_at_numachi.com)
Date: 09/22/05
- Previous message: markzero: "Re: Tunnel-only SSH keys"
- In reply to: David Wolfskill: "Re: Tunnel-only SSH keys"
Date: Thu, 22 Sep 2005 13:33:47 -0400
To: David Wolfskill <david@bunrab.catwhisker.org>, freebsd-security@freebsd.org
On Thu, Sep 22, 2005 at 09:22:38AM -0700, David Wolfskill wrote:
> On Thu, Sep 22, 2005 at 04:27:18PM +0100, markzero wrote:
> > Hello.
> >
> > I once read somewhere that it's possible to limit SSH pubkeys to
> > 'tunnel-only'. I can't seem to find any information about this
> > in any of the usual places.
> > ...
> > Can this be done with OpenSSH? I'd like to try and stay away from
> > the complexities of a chrooted-stunnel for now...
>
> See the section "AUTHORIZED_KEYS FILE FORMAT" in the sshd man page.
>
> There is also a discussion of this in the O'Reilly _SSH_ book.
Sorry for the arm-wave (in that I don't have the details of this
rumor), but I recall it's possible, via a client, to screw with the
remote environment, so as to supply a different shell; that would affect
these tactics, perhaps.
> Peace,
> david
> --
> David H. Wolfskill david@catwhisker.org
> Prediction is difficult, especially if it involves the future. -- Niels Bohr
--
Brian Reichert <reichert@numachi.com>
55 Crystal Ave. #286
Daytime number: (603) 434-6842
Derry NH 03038-1725 USA
BSD admin/developer at large
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
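An added example, not part of any post in this thread: a small parser for the options field described in the "AUTHORIZED_KEYS FILE FORMAT" section of sshd(8), used to report which restrictions a key line lacks before it can be treated as tunnel-only. The option names come from that man page; the REQUIRED policy, the function names and the sample lines are assumptions made for illustration.

```python
import re

KEY_TYPE = re.compile(r"(ssh-|ecdsa-|sk-)")   # line starts with a key type: no options
REQUIRED = ("command", "no-pty", "no-agent-forwarding",
            "no-x11-forwarding", "permitopen")   # assumed tunnel-only policy

def split_options(line):
    """Parse the leading options field of one authorized_keys line."""
    line = line.strip()
    if not line or line.startswith("#") or KEY_TYPE.match(line):
        return {}
    fields, buf, quoted, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and ch == "\\" and line[i + 1:i + 2] == '"':
            buf, i = buf + '"', i + 2      # escaped quote inside a value
            continue
        if ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            fields.append(buf)
            buf = ""
        elif ch in " \t" and not quoted:
            break                          # first unquoted blank ends the options
        else:
            buf += ch
        i += 1
    fields.append(buf)
    opts = {}
    for field in fields:
        name, eq, value = field.partition("=")
        opts[name.lower()] = value if eq else True   # option names are case-insensitive
    return opts

def tunnel_only_gaps(line):
    """List what a key line lacks to be forwarding-only under REQUIRED."""
    opts = split_options(line)
    gaps = [name for name in REQUIRED if name not in opts]
    if "environment" in opts:
        gaps.append("environment= present")  # key asks to set login environment variables
    return gaps

# Constructed sample lines; the key blob, paths and addresses are placeholders.
GOOD = ('command="/usr/sbin/nologin",no-pty,no-agent-forwarding,no-X11-forwarding,'
        'permitopen="127.0.0.1:5432" ssh-rsa AAAAexample tunnel@laptop')
PARTIAL = 'no-pty,environment="LANG=C",permitopen="127.0.0.1:5432" ssh-rsa AAAAexample x'
BARE = "ssh-rsa AAAAexample admin@laptop"

if __name__ == "__main__":
    for label, line in (("GOOD", GOOD), ("PARTIAL", PARTIAL), ("BARE", BARE)):
        print(label, tunnel_only_gaps(line) or "tunnel-only")
```

Whether sshd honours an `environment=` option depends on `PermitUserEnvironment` in sshd_config, which is off by default.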