Re: Howto?

From: Matt Linton (mlinton_at_email.arc.nasa.gov)
Date: 08/25/03

    Date: Mon, 25 Aug 2003 09:07:54 -0700 (PDT)
    To: Stephen Biggs <xyzzy@hotpop.com>
    
    

    Stephen: this depends on what services you're trying to forward (unless
    I'm misreading your question).

    What are you trying to accomplish with your tunnel?

    +---------------------------------------------------
    | Regards;
    | Matt Linton
    | UNIX Systems Administrator
    | ASANI Solutions, LLC.
    +---------------------------------------------------

    On Sun, 24 Aug 2003, Stephen Biggs wrote:

    > I have a machine behind a firewall that I connect out to another machine
    > using remote port forwarding. Then, on the outer machine, I tunnel back
    > through to the firewalled machine by accessing the listening port with
    > SSH.
    >
    > This works fine but seems more than a little insecure. I would rather
    > have the firewalled machine connect to the outer machine with a special
    > account that only allows this connection without any other ability to
    > normal SSH and login.
    >
    > I was thinking that the outer machine could define a user with
    > "/bin/false" as its shell. I already connect using "-T -N" which should
    > not need a remote shell. Would this work and would this also prevent
    > SCP/SFTP from running?
    >
    >

