
SSH tunneling - per user rules

Red Squirrel

No Lifer
Let's say I have an external SSH port open to the public. I'd like to SSH in and be able to tunnel to a certain IP and port. Now ANY user that logs in can do this. So on its own, it's not very secure, as anyone who has SSH access to the network basically has full access to anything on the network. Is there a way to limit on a per user basis what is allowed to be tunneled and not?

Moving to Networking from Security, you may get more responses there. Security Mod-Oakenfold
 
If you're talking about the real SSH VPN stuff using the Tunnel directive then you can probably set it off by default but use a Host statement to enable it when coming from a specific host. If you're talking about the individual port forwarding, it doesn't look like there's any way to disable that.
 
If you're using a recent version of OpenSSH you can set these things on a per user basis.

from sshd_config (OpenBSD's version anyhow):
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
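
A fuller sshd_config sketch of the per-user approach, added here as an example and not taken from the posts above or from the OpenSSH distribution. The account names `tunneluser` and `admin` and the destination `192.0.2.10:3389` are constructed placeholders.

```conf
# Global default: users not matched below get no forwarding of any kind.
AllowTcpForwarding no
PermitTunnel no
X11Forwarding no
AllowAgentForwarding no

# Hypothetical account "tunneluser": local (-L) forwards only, and only
# to one destination. 192.0.2.10:3389 is a constructed placeholder.
Match User tunneluser
    AllowTcpForwarding local
    PermitOpen 192.0.2.10:3389

# Hypothetical account "admin": forwarding to any destination.
Match User admin
    AllowTcpForwarding yes
    PermitOpen any
```

As sshd_config(5) notes, forwarding restrictions only hold if the account is also denied shell access, since a user with a shell can run their own forwarder. Check the file with `sshd -t` before reloading the daemon.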
 
OpenSSH has made some leaps and bounds in the past year with respect to per-user rule policies. The documentation is quite comprehensive; have you been through that yet? I hate to be one of those RTFM guys, but with respect to OpenBSD, it is authoritative, bar none.
 