Howto?

From: Stephen Biggs (xyzzy_at_hotpop.com)
Date: 08/24/03

  • Next message: Richard Harman: "how do tell ssh which key in the ssh-agent to use?"
    To: SSH list <secureshell@securityfocus.com>
    Date: 24 Aug 2003 10:51:45 +0300
    
    

    I have a machine behind a firewall that I connect out to another machine
    using remote port forwarding. Then, on the outer machine, I tunnel back
    through to the firewalled machine by accessing the listening port with
    SSH.

    This works fine but seems more than a little insecure. I would rather
    have the firewalled machine connect to the outer machine with a special
    account that only allows this connection, without any other ability to
    do normal SSH and log in.

    I was thinking that the outer machine could define a user with
    "/bin/false" as its shell. I already connect using "-T -N" which should
    not need a remote shell. Would this work and would this also prevent
    SCP/SFTP from running?
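
As an added example (not part of the original post): a Python check that an `authorized_keys` entry on the outer machine limits a key to holding a remote forward, the kind of special account asked about above. It assumes a current OpenSSH whose `authorized_keys` supports `restrict`, `port-forwarding`, `permitlisten` and `command`; the key material, the comment `tunnel@inside` and port 2222 are constructed placeholders.

```python
# Added example: audit an authorized_keys line for a tunnel-only account.
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")

def parse_options(line):
    """Return the leading options field as {name: value}; {} if none."""
    opts, tok, quoted, i = [], "", False, 0
    line = line.strip()
    while i < len(line):
        ch = line[i]
        if quoted and ch == "\\" and line[i + 1:i + 2] == '"':
            tok += '"'          # escaped quote inside a quoted value
            i += 2
            continue
        if ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            opts.append(tok)
            tok = ""
        elif ch.isspace() and not quoted:
            break               # end of the options field
        else:
            tok += ch
        i += 1
    opts.append(tok)
    if len(opts) == 1 and tok.startswith(KEY_TYPES):
        return {}               # line starts with the key type: no options
    return {n.lower(): v for n, _, v in (o.partition("=") for o in opts)}

def audit_tunnel_key(line):
    """List ways this key can do more (or less) than hold a remote forward."""
    o, findings = parse_options(line), []
    if "restrict" not in o:
        findings += [f"missing {n} (or restrict)" for n in
                     ("no-pty", "no-agent-forwarding", "no-x11-forwarding")
                     if n not in o]
    elif "port-forwarding" not in o:
        findings.append("restrict without port-forwarding: forward refused")
    if "no-port-forwarding" in o:
        findings.append("no-port-forwarding: forward refused")
    if "command" not in o:
        findings.append("no forced command for shell/exec/subsystem requests")
    if "permitlisten" not in o:
        findings.append("no permitlisten: -R listen port is not pinned")
    return findings

# Constructed sample entries (placeholder key material, assumed port 2222).
GOOD = ('restrict,port-forwarding,permitlisten="localhost:2222",'
        'command="/bin/false" ssh-ed25519 AAAA_PLACEHOLDER tunnel@inside')
WEAK = "ssh-ed25519 AAAA_PLACEHOLDER tunnel@inside"
```

`audit_tunnel_key(GOOD)` returns an empty list, while `audit_tunnel_key(WEAK)` lists every restriction the bare key lacks.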

