SSH tunneling - per user rules

Red Squirrel

Let's say I have an external SSH port open to the public. I'd like to SSH in and be able to tunnel to a certain IP and port. Now ANY user that logs in can do this. So on its own, it's not very secure, as anyone who has SSH access to the network basically has full access to anything on the network. Is there a way to limit on a per-user basis what is allowed to be tunneled and what is not?

Moving to Networking from Security, you may get more responses there. Security Mod-Oakenfold
 

Nothinman

If you're talking about the real SSH VPN stuff using the Tunnel directive then you can probably set it off by default but use a Host statement to enable it when coming from a specific host. If you're talking about the individual port forwarding, it doesn't look like there's any way to disable that.
 

n0cmonkey

If you're using a recent version of OpenSSH you can set these things on a per user basis.

From sshd_config (OpenBSD's version anyhow):
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
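
Added example, not part of any post in this thread: an sshd_config fragment that applies the Match User approach to the original question, denying forwarding by default and allowing named users only specific destinations. The user names, addresses and ports are constructed placeholders, and PermitOpen and PermitTunnel are OpenSSH directives that the thread itself does not mention.

```conf
# Constructed example: users, addresses and ports are placeholders.

# Global section: deny by default, so a newly created account
# cannot use this host as a pivot into the internal network.
AllowTcpForwarding no
PermitTunnel no          # no tun(4) layer-2/3 VPN (the "Tunnel" feature)
X11Forwarding no
GatewayPorts no

# alice: local (-L) forwards only, and only to one web server.
Match User alice
    AllowTcpForwarding local
    PermitOpen 192.0.2.10:443

# bob: local forwards to two database hosts, nothing else.
Match User bob
    AllowTcpForwarding local
    PermitOpen 192.0.2.20:5432 192.0.2.21:5432

# tunnelonly: may forward to one RDP host but gets no shell.
# Without the forced command a user with a shell could run their
# own relay and sidestep the restrictions above.
Match User tunnelonly
    AllowTcpForwarding local
    PermitOpen 192.0.2.30:3389
    PermitTTY no
    ForceCommand /sbin/nologin
```

Validate the file with `sshd -t` before reloading, and check what one user actually gets with `sshd -T -C user=alice,host=client.example,addr=198.51.100.7`. PermitOpen only governs forwards the client opens through the server; accounts that keep a normal shell can still reach anything the host itself can reach.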
 

p0lar

OpenSSH has made some leaps and bounds in the past year with respect to per-user rule policies. The documentation is quite comprehensive; have you been through that yet? I hate to be one of those RTFM guys, but with respect to OpenBSD, it is authoritative, bar none.
 