secure port forwarding without shell access
From: robert (rturner_at_teamcertified.com)
Date: 09/29/04
Date: 29 Sep 2004 10:09:54 -0700
I have the following set up on Linux with the intention of allowing
specific ports to be forwarded and to not allow shell access to these
specific users.
I am unsure if this is an acceptable configuration and hope to get
input regarding same.
My setup is:
SSH-2.0-OpenSSH_3.5p1
sshd is started with: sshd --command=permitopen=localhost:3128
sshd_config has not been modified from its default.
Those users that are "restricted" have been usermod -s "/bin/rbash" username
and /bin/rbash mode is 755 owned by root and contains:
#!/bin/bash
/bin/bash -r >/dev/null 2>&1
tail -f /dev/null
This seems to limit port forwarding and prevent shell access.
Is this the best way and is it secure?
Any suggestions or comments would be greatly appreciated!
Thanks.
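
OpenSSH reads per-key options such as permitopen=, no-pty and command= from a user's authorized_keys file. The shell function below is an added example, not part of the original post: it audits such entries for a forwarding-only account. The allowed target localhost:3128 comes from the post; the function name, the sample entries and their key material are constructed.

```shell
#!/bin/sh
# Added example: audit authorized_keys entries for a forwarding-only account.
# Assumption: the only target these keys may reach is the one named in the post.
ALLOWED_TARGET="localhost:3128"

# Constructed sample entries (key material is placeholder text, not real keys).
GOOD='command="/bin/false",no-pty,permitopen="localhost:3128" ssh-ed25519 AAAAC3CONSTRUCTED proxy1'
WIDE='no-pty,permitopen="localhost:3128",permitopen="10.0.0.5:22" ssh-rsa AAAAB3CONSTRUCTED proxy2'
BARE='ssh-rsa AAAAB3CONSTRUCTED proxy3'

# check_key_line LINE: prints "ok" or the problems found; returns 0 only for "ok".
check_key_line() {
    line=$1
    problems=""
    # An entry that starts with the key type carries no options at all.
    case $line in
        ssh-*|ecdsa-*) echo "unrestricted"; return 1 ;;
    esac
    # Options are the text before the key type (a forced command that itself
    # contains " ssh-rsa " would confuse this simple split).
    opts=$(printf '%s\n' "$line" | sed -E 's/ (ssh-(rsa|dss|ed25519)|ecdsa-sha2-[^ ]+) .*$//')
    # At least one permitopen, and every one of them must be the allowed target.
    targets=$(printf '%s\n' "$opts" | tr ',' '\n' | sed -n 's/^permitopen="\([^"]*\)"$/\1/p')
    [ -n "$targets" ] || problems="$problems missing-permitopen"
    for t in $targets; do
        [ "$t" = "$ALLOWED_TARGET" ] || problems="$problems extra-target:$t"
    done
    # No terminal: no-pty, or restrict (which implies it on newer OpenSSH).
    case ",$opts," in
        *,no-pty,*|*,restrict,*) ;;
        *) problems="$problems missing-no-pty" ;;
    esac
    # A forced command replaces whatever the client asks to run.
    case ",$opts" in
        *,command=\"*) ;;
        *) problems="$problems missing-command" ;;
    esac
    if [ -z "$problems" ]; then echo "ok"; return 0; fi
    echo "${problems# }"
    return 1
}

# Report each constructed entry by its trailing comment field.
for entry in "$GOOD" "$WIDE" "$BARE"; do
    printf '%s -> %s\n' "${entry##* }" "$(check_key_line "$entry")"
done
```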