Re: allow login from specific address
- From: Sylvain Ferriol <sferriol@xxxxxxx>
- Date: Thu, 21 Sep 2006 12:28:04 +0200
Todd H. a écrit :
Sylvain Ferriol <sferriol@xxxxxxx> writes:why ?
Todd H. a écrit :
Sylvain Ferriol <sferriol@xxxxxxx> writes:
hello
i want to config a ssh gateway between internet and my intranet:
the specifications are:
- a user from internet can not login the ssh_gateway
- some users (admins) from intranet can login the ssh_gateway
how can i do that ?
can i allow sshd to accept login only from an ip address range ?
is it more secure to only accept port forwarding on ssh_gateway ?
TCP Wrappers rather than an sshd config is the place to do this. THe
30 second tutorial, assuming it's installed: edit /etc/hosts.deny
Make this the one and only line: sshd: ALL
the problem is that i want to allow port forwarding from internet to
intranet like this:
ssh -N -L 4444:foo_server:4444 sshd_gateway
Are your requirements are opposed to each other?
If you want to allow a forward connection from internet to intranet on
the gateway to set up that port forwarding, you can't prohibit "a user
from internet can not login the ssh_gateway."
yes
Or are you saying you want to allow this port forwarding, but no
interactive login shells from internet users?
.
- References:
- allow login from specific address
- From: Sylvain Ferriol
- Re: allow login from specific address
- From: Todd H.
- Re: allow login from specific address
- From: Sylvain Ferriol
- Re: allow login from specific address
- From: Todd H.
- allow login from specific address
- Prev by Date: Re: How to setup a ssh connection to a remote host while booting a linux system (executing an init-script) ?
- Next by Date: locking down sftp directory
- Previous by thread: Re: allow login from specific address
- Next by thread: Re: allow login from specific address
- Index(es):
Relevant Pages
|
