Re: Force one telnet per ssh tunnel
- From: comphelp@xxxxxxxxx (Todd H.)
- Date: 10 Jan 2008 10:07:31 -0600
nsc <naunidh@xxxxxxxxx> writes:
> I let users telnet to my application using ssh tunnel. The users use
> OpenSSH client 3.x as this,
> ssh -2 -N -f -L porta:localhost:23 192.168.xxx.xxx
> telnet localhost porta
> The server is also an implementation of OpenSSH. My requirement is to
> force only one telnet over the tunnel that has been created. For
> example the following currently works,
> ssh -2 -N -f -L porta:localhost:23 192.168.xxx.xxx
> telnet localhost porta
> ---- from another shell
> telnet localhost porta
> ---- from another shell
> telnet localhost porta
> But I want that consecutive telnet should fail. Is there a server
> setting to achieve this?
Not that I'm aware of. SSH is just creating a tunnel, not regulating
it once it's established.
> If nothing else then I am also willing to change the SSH server side
> code to suit my needs, but I hope that is the last resort.
That'd be a very non-trivial addition.
Let's say you do successfully get this hack implemented in
ssh.... What's to prevent someone from creating a 2nd ssh connection
and a second forwarding tunnel?
Tricks with /etc/profile and /etc/.login are likely to be more
effective for ya as there you can limit how many interactive login
sessions are allowed.
http://aplawrence.com/SCOFAQ/FAQ_scotec6restrictlogin.html
In your case, you'd limit them to 2 logins -- one for the ssh tunnel,
one for the telnet session. Though it's not clear to me why telnet
needs to be involved at all?
Best Regards,
--
Todd H.
http://www.toddh.net/
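
One way to implement the /etc/profile login cap suggested in the reply, as an added example that is not part of the original post or the linked FAQ. The function names, the MAX_LOGINS variable and the sample `who` output are hypothetical; the limit of 2 is the figure from the reply, and the code assumes the session being started is already listed by `who` when /etc/profile runs.

```shell
#!/bin/sh
# Added example: per-user login cap meant to be sourced from /etc/profile.
# All names here are hypothetical, not taken from the linked FAQ.

MAX_LOGINS=2   # assumption: the limit of 2 suggested in the reply

# count_logins USER: read `who`-format lines on stdin and print how many
# belong to USER. The match is exact on field 1, so "alice" != "alicia".
count_logins() {
    awk -v u="$1" '$1 == u { n++ } END { print n + 0 }'
}

# login_allowed USER LIMIT: read `who`-format lines on stdin.
# Returns 0 if USER holds at most LIMIT sessions, 1 otherwise.
# Assumes the session being started is already included in the input.
login_allowed() {
    n=$(count_logins "$1")
    [ "$n" -le "$2" ]
}

# enforce_login_limit: call this from /etc/profile. root is exempt so a
# miscount cannot lock the administrator out.
enforce_login_limit() {
    user=$(id -un)
    [ "$user" = root ] && return 0
    if ! who | login_allowed "$user" "$MAX_LOGINS"; then
        echo "Too many sessions for $user (limit $MAX_LOGINS)" >&2
        exit 1
    fi
}

# Constructed sample `who` output, used only to exercise the functions.
SAMPLE_WHO='alice    pts/0        2008-01-10 10:01 (192.168.0.10)
alice    pts/1        2008-01-10 10:02 (192.168.0.10)
alice    pts/2        2008-01-10 10:03 (192.168.0.10)
bob      pts/3        2008-01-10 10:04 (192.168.0.11)
alicia   pts/4        2008-01-10 10:05 (192.168.0.12)'
```

The count covers only sessions that `who` reports, and /etc/profile is read only by sh-family login shells, so accounts with a different login shell are not covered by this check.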