Howto?
From: Stephen Biggs (xyzzy_at_hotpop.com)
Date: 08/24/03
- Previous message: Stephen Biggs: "DoS bug in SSH?"
- Next in thread: Matt Linton: "Re: Howto?"
- Reply: Matt Linton: "Re: Howto?"
To: SSH list <secureshell@securityfocus.com>
Date: 24 Aug 2003 10:51:45 +0300
I have a machine behind a firewall that I connect out to another machine
using remote port forwarding. Then, on the outer machine, I tunnel back
through to the firewalled machine by accessing the listening port with
SSH.

This works fine but seems more than a little insecure. I would rather
have the firewalled machine connect to the outer machine with a special
account that only allows this connection without any other ability to
normal SSH and login.

I was thinking that the outer machine could define a user with
"/bin/false" as its shell. I already connect using "-T -N" which should
not need a remote shell. Would this work and would this also prevent
SCP/SFTP from running?