Re: restricting TCP forwarding
- From: Flash Gordon <spam@xxxxxxxxxxxxxxxxxx>
- Date: Wed, 10 May 2006 09:20:35 +0100
Richard E. Silverman wrote:
> "SM" == Steven Mocking <ufo@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> writes:
>
> SM> Any user with an existing file as a shell entry in /etc/passwd can
> SM> use ssh forwarding. This rather defeats the purpose of scponly.
> SM> Is it possible to restrict this on a per-group or per-user basis?
> SM> Or is running a second ssh server the only solution?
>
> Not with OpenSSH, though other SSH servers such as Tectia and vshd do have
> this capability.

With OpenSSH, if you set ownership and permissions on .ssh & .ssh/authorized_keys such that the user can't modify it (e.g. owned by root), you can use the no-port-forwarding option on the key.

--
Flash Gordon, living in interesting times.
Web site - http://home.flash-gordon.me.uk/
comp.lang.c posting guidelines and intro:
http://clc-wiki.net/wiki/Intro_to_clc
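
An audit of the setup described in the reply above, as an added example that is not part of the original post: it reports a `.ssh` directory or `authorized_keys` file that is not owned by the trusted account or is group/other-writable, and any key line that leaves port forwarding enabled. The function names and the sample keys are constructed for illustration; the `restrict` and `port-forwarding` options are not mentioned in the thread and come from newer OpenSSH releases.

```python
import os
import stat

KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-")  # prefixes of public key type names

# Constructed sample file; the key material is placeholder text.
SAMPLE = """\
# constructed sample
command="scponly -x",no-port-forwarding ssh-rsa AAAAplaceholder alice
ssh-rsa AAAAplaceholder bob
restrict ssh-ed25519 AAAAplaceholder carol
restrict,port-forwarding ssh-ed25519 AAAAplaceholder dave
"""

def key_options(line):
    """Option names, in order, from the front of one authorized_keys line."""
    if line.split()[0].startswith(KEY_TYPES):
        return []                      # line starts with the key type: no options
    names, cur, quoted, prev = [], "", False, ""
    for ch in line:
        if ch == '"' and prev != "\\":
            quoted = not quoted        # commas and blanks inside quotes are data
        if not quoted and (ch == "," or ch.isspace()):
            names.append(cur.split("=", 1)[0].lower())
            cur = ""
            if ch.isspace():
                break                  # options end at the first unquoted blank
        else:
            cur += ch
        prev = ch
    return names

def forwarding_allowed(options):
    """Apply the options in order; the last relevant one wins."""
    allowed = True
    for name in options:
        if name in ("no-port-forwarding", "restrict"):
            allowed = False
        elif name == "port-forwarding":
            allowed = True
    return allowed

def locked(path, trusted_uid=0):
    """True if path is owned by trusted_uid and not group/other-writable."""
    st = os.stat(path)
    return st.st_uid == trusted_uid and not st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)

def audit(home, trusted_uid=0):
    ssh_dir = os.path.join(home, ".ssh")
    keys = os.path.join(ssh_dir, "authorized_keys")
    findings = [f"{p}: user-modifiable" for p in (ssh_dir, keys) if not locked(p, trusted_uid)]
    with open(keys) as fh:
        for n, raw in enumerate(fh, 1):
            line = raw.strip()
            if line and line[0] != "#" and forwarding_allowed(key_options(line)):
                findings.append(f"{keys}:{n}: port forwarding not disabled")
    return findings
```

Call `audit("/home/someuser")` as root for each restricted account; an empty list means both the ownership and the key options match the arrangement in the reply.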