Re: Tunnel-only SSH keys
From: Brian Reichert (reichert_at_numachi.com)
Date: 09/22/05
- Previous message: Brian Reichert: "Re: Tunnel-only SSH keys"
- In reply to: Jeremie Le Hen: "Re: Tunnel-only SSH keys"
- Next in thread: David Wolfskill: "Re: Tunnel-only SSH keys"
Date: Thu, 22 Sep 2005 14:01:08 -0400
To: Jeremie Le Hen <jeremie@le-hen.org>

On Thu, Sep 22, 2005 at 06:09:59PM +0200, Jeremie Le Hen wrote:
> Hi,
>
> > I once read somewhere that it's possible to limit SSH pubkeys to
> > 'tunnel-only'. I can't seem to find any information about this
> > in any of the usual places.
> >
> > I'm going to be deploying a few servers in a couple of days and
> > I'd like them to log to a central server over an SSH tunnel (using
> > syslog-ng) however I'd like to prevent actual logins (hence
> > 'tunnel-only').
> >
> > Can this be done with OpenSSH? I'd like to try and stay away from
> > the complexities of a chrooted-stunnel for now...
>
> I think you can use /bin/false as shell, and then use ``ssh -nN''
> from the client. I've not tested this, but I guess this should
> work.

See this discussion:

  http://www.blacksheepnetworks.com/security/hack/scponly.txt

> Regards,
> --
> Jeremie Le Hen
> < jeremie at le-hen dot org >< ttz at chchile dot org >

--
Brian Reichert <reichert@numachi.com>
55 Crystal Ave. #286        Daytime number: (603) 434-6842
Derry NH 03038-1725 USA     BSD admin/developer at large
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
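
An added example, not part of the original thread or any poster's code: a Python audit that parses the options field of `authorized_keys` lines and lists what each key may do beyond opening the forwards named in `permitopen`, which is what a "tunnel-only" key comes down to on the server side. The option names are OpenSSH's `authorized_keys` options (`restrict` and the re-enabling forms exist only in releases newer than this thread); the function names, the sample lines and the set of no-op commands are assumptions.

```python
# Added example: audit authorized_keys lines for a "tunnel-only" key.
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")   # a line starting with a key type has no options
NOOP_COMMANDS = {"/bin/false", "/usr/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}  # assumption

def parse_options(line):
    """Return the options field of one authorized_keys line as {name: [values]}."""
    line = line.strip()
    if not line or line.startswith("#") or line.startswith(KEY_PREFIXES):
        return {}
    fields, cur, quoted, i = [], "", False, 0
    while i < len(line):
        c = line[i]
        if quoted and c == "\\" and line[i + 1:i + 2] == '"':
            cur, i = cur + '"', i + 1       # escaped quote inside a value
        elif c == '"':
            quoted = not quoted
        elif c == "," and not quoted:
            fields.append(cur); cur = ""
        elif c in " \t" and not quoted:
            break                           # options end here, key type follows
        else:
            cur += c
        i += 1
    fields.append(cur)
    opts = {}
    for field in filter(None, fields):
        name, _, value = field.partition("=")
        opts.setdefault(name.lower(), []).append(value)   # option names are case-insensitive
    return opts

def audit(line):
    """List what the key may do beyond opening the forwards named in permitopen."""
    o, findings = parse_options(line), []
    restrict = "restrict" in o
    cmds = o.get("command", [])
    if not cmds or any(c not in NOOP_COMMANDS for c in cmds):
        findings.append("command execution")
    for feature in ("pty", "agent-forwarding", "x11-forwarding"):
        if feature in o or not (restrict or "no-" + feature in o):
            findings.append(feature)
    forwarding = "no-port-forwarding" not in o and (not restrict or "port-forwarding" in o)
    if forwarding and "permitopen" not in o:
        findings.append("forwarding to any host:port")
    return findings

SAMPLES = {  # constructed lines; the key material is a placeholder
    "tunnel": 'command="/bin/false",no-pty,no-agent-forwarding,no-X11-forwarding,'
              'permitopen="127.0.0.1:514" ssh-rsa AAAAB3PLACEHOLDER syslog@client1',
    "plain": 'ssh-rsa AAAAB3PLACEHOLDER admin@laptop',
    "partial": 'no-pty,command="echo \\"hi, there\\"" ssh-rsa AAAAB3PLACEHOLDER backup',
}
```

A key that passes still works with the `ssh -nN` invocation quoted above, because `-N` requests no session and the forced command never runs. `permitopen` limits only local (`-L`) forwards; remote (`-R`) listeners are controlled separately (`permitlisten` in newer OpenSSH).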