Re: sshd PORT FORWARDING / SESSION TIME ideas
From: Alvin Austin (alvin@crlogic.com)Date: 01/16/02
- Next message: keith edward: "can I do host based authentication from openssh 2.3 to 2.9 ?"
- Previous message: Saad Kadhi: "Re: OpenSSH Error Message - Vim: Warning: Output not to terminal."
- In reply to: Richard E. Silverman: "Re: sshd PORT FORWARDING / SESSION TIME ideas"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Alvin Austin <alvin@crlogic.com> Date: Wed, 16 Jan 2002 09:31:53 -0600
"Richard E. Silverman" wrote:
> >>>>> "AA" == Alvin Austin <alvin@crlogic.com> writes:
>
> AA> How would you do this with SSHD?
>
> Which "sshd"? OpenSSH? F-Secure? ssh.com? VanDyke's VShell? And running
> on what platform?
>
openSSH on linux...
>
> AA> 1) Port forwarding restrictions...
>
> None of these are effective if you are allowing normal shell access to
> your users, as they can simply use their own forwarding software over the
> SSH connection -- which could be as simple as:
>
> % socket -bcfslqp "ssh <server> telnet localhost 25" 2001
>
> for something equivalent to "ssh -L 2001:localhost:25 <server>".
>
The users would not have shell access. Instead of /bin/sh, they would have a
very restrictive
shell script that would count down their remaining session time in minutes, and
allow them to
change their password (which would give them access to ssh for the purposes of
port
forwarding only; no interactive access, no mail on this gateway, etc.)
>
> --
> Richard Silverman
> slade@shore.net
- Next message: keith edward: "can I do host based authentication from openssh 2.3 to 2.9 ?"
- Previous message: Saad Kadhi: "Re: OpenSSH Error Message - Vim: Warning: Output not to terminal."
- In reply to: Richard E. Silverman: "Re: sshd PORT FORWARDING / SESSION TIME ideas"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
