Re: PLINK and/or PuTTY -- Logon to Linux with no Privileges
- From: "Richard E. Silverman" <res@xxxxxxxx>
- Date: 21 Mar 2006 20:39:27 -0500
"HV" == Hal Vaughan <hal@xxxxxxxxxxxxxxxxxxxx> writes:
HV> My guess on this is that it's hard to check encrypted data so not
HV> much checking would be done on that port anyway. Is that at all
HV> close to fact or is there any basis for that idea?
If it were just "encrypted data," it might be, but detecting which
protocol is in use is easy, among other reasons because the connection
setup is, perforce, not encrypted.
HV> Actually, I'm dealing with admin people who have authority over IT
HV> people and basically would prefer me do this than change the
HV> firewall. In one case there's a Cisco router handling it and a
HV> history of having trouble finding anyone who knows IOS to program
HV> it, so the feeling is, "The firewall's working. Nobody's touching
HV> it. If you can find a way to work with it, great."
Well-run shop.
HV> I never knew any of that was possible. Do you have Silverman's
HV> book title? I'm searching the local bookstores for it, in hopes I
HV> can get a copy today. I've been working on this for a few weeks
HV> and I really need to get it resolved before more work piles
HV> up. I've found one he co-authored, "SSH, the Secure Shell: The
HV> Definitive Guide". Is that it?
Yes, that's it. :) Along with Dan Barrett, and Bob Byrnes on the second
edition.
http://www.ora.com/catalog/sshtdg2/
>>> I'm running Linux. Is there a way to set up a restricted login
>>> (even if I have to kill it with a kill command instead of them
>>> logging out) for putty or plink? Or is there a way to set up an
>>> account for others to log in to that has no rights except the
>>> ability to log out?
Actually, this is easy, since the client does not have to start a shell to
do port forwarding. The account can have /bin/false as the shell. The
client should do the equivalent of OpenSSH "ssh -N -L x:y:z server-host".
Note this requires SSH protocol version 2.
--
Richard Silverman
res@xxxxxxxx
.
- References:
- PLINK and/or PuTTY -- Logon to Linux with no Privileges
- From: Hal Vaughan
- Re: PLINK and/or PuTTY -- Logon to Linux with no Privileges
- From: Nico Kadel-Garcia
- Re: PLINK and/or PuTTY -- Logon to Linux with no Privileges
- From: Hal Vaughan
- PLINK and/or PuTTY -- Logon to Linux with no Privileges
- Prev by Date: two users on same machine, one can ssh to another machine, the other can't
- Next by Date: Re: register ssh:// on windows
- Previous by thread: Re: PLINK and/or PuTTY -- Logon to Linux with no Privileges
- Next by thread: Re: PLINK and/or PuTTY -- Logon to Linux with no Privileges
- Index(es):
Relevant Pages
|
