Re: allow login from specific address
- From: Darren Tucker <dtucker@xxxxxxxxxxxxxxxx>
- Date: 26 Nov 2006 12:40:38 GMT
On 2006-09-21, Sylvain Ferriol <sferriol@xxxxxxx> wrote:
> Todd H. wrote:
> [...]
>> If you want to allow a forward connection from internet to intranet on
>> the gateway to set up that port forwarding, you can't prohibit "a user
>> from internet can not login the ssh_gateway."
> why ?
>> Or are you saying you want to allow this port forwarding, but no
>> interactive login shells from internet users?
> yes

There's a couple of new features in OpenSSH 4.4 (and newer) that could
help here: "PermitOpen" which controls which portforwards are allowed and
"Match" which can apply those restrictions to a subset of connections.
So assuming your local net is 192.168.0.0/24 and you wanted to allow any
commands or forwards from connections originating from it, this would
be something like

    Match Address 192.168.0.*
        PermitOpen any
    Match Address *
        PermitOpen 1.2.3.4:44444

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
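
An added example, not part of the post above and not OpenSSH's own code: a simplified Python model of how the two Match Address blocks select a PermitOpen value, assuming the sshd_config(5) rule that the first obtained value for a keyword is used. The function names, the reordered variant and the client addresses are constructed for illustration, and only `*`/`?` wildcards are modelled (no negation or CIDR).

```python
from fnmatch import fnmatchcase

# Constructed sample: the two Match blocks from the post, plus a reordered
# variant showing why the catch-all block has to come last.
POSTED = """\
Match Address 192.168.0.*
    PermitOpen any
Match Address *
    PermitOpen 1.2.3.4:44444
"""
REORDERED = """\
Match Address *
    PermitOpen 1.2.3.4:44444
Match Address 192.168.0.*
    PermitOpen any
"""

def parse_match_blocks(text):
    """Return [(address_patterns, {keyword: value})] for 'Match Address' blocks."""
    blocks = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, _, value = line.partition(" ")
        if keyword.lower() == "match":
            criterion, _, patterns = value.strip().partition(" ")
            if criterion.lower() != "address":
                raise ValueError("this model only handles 'Match Address'")
            blocks.append((patterns.strip().split(","), {}))
        elif blocks:
            # Inside a block, keep the first value seen for each keyword.
            blocks[-1][1].setdefault(keyword.lower(), value.strip())
    return blocks

def effective_permitopen(text, client_addr, default="any"):
    """PermitOpen for client_addr: the first matching block that sets it wins.

    The default of "any" (no Match block applies) is sshd's documented default.
    """
    for patterns, settings in parse_match_blocks(text):
        if any(fnmatchcase(client_addr, p) for p in patterns):
            if "permitopen" in settings:
                return settings["permitopen"]
    return default
```

With the posted order a LAN client gets `any` and everything else is held to `1.2.3.4:44444`; in the reordered variant the catch-all block matches first, so LAN clients are restricted too.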