 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
On Wed, Oct 14, 2009 at 09:44:03AM -0400, Kent Borg wrote: > Dan Ritter wrote: > > /etc/ssh/sshd_config: > > AllowTcpForwarding No > > > > That makes sense. So there is no way to set up just some users to not > be able to forward...which is why the initial question was of interest. SSH supports an awful lot of possible restrictions. To do it per-user, though, you usually have to do make them log in with SSH keys, and place restrictions on the keys. For example, you could set AuthorizedKeysFile /etc/ssh/authkeys/%u to require the authorized keys to be in that directory, and named for the user in question. Don't give them write privs. Handle the key installation yourself, and add restrictions like: from="trusted-host.one, home-machine",no-agent-forwarding,\ no-port-forwarding,no-X11-forwarding ssh-rsa AAAAB3Nza.. man authorized_keys is your friend. -dsr- -- http://tao.merseine.nu/~dsr/eula.html is hereby incorporated by reference. You can't defend freedom by getting rid of it.
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
