[scponly] scponly and tunneling

wbr oblyr joe at sublimation.org
Fri Oct 23 13:54:41 EDT 2009


Hi Sami,

Actually, I believe the TCP redirection is controlled by the sshd
config file without regard for which user may be connected. (I believe
the directive is called "AllowTcpForwarding" in sshd_config).

In other words, if AllowTcpForwarding is turned on, any/all users,
including scponly users, can use redirection.

If this isn't acceptable (and I can see how some people might object),
one alternative is to run two sshd daemons on different ports with
different configuration files, which might look something like this:

regular user config file:
AllowUsers alice bob trent
AllowTcpForwarding yes
Port 22

scponly user config file:
AllowUsers scponly_user mallory
AllowTcpForwarding no
Port 2200

Hope this is helpful...

joe


On Fri, Oct 23, 2009 at 10:15 AM, Sami Ilekti <sami at gimo.co.uk> wrote:
> Hello everybody,
>
> I don't know if it's possible but I would like to authorize one of my scponly
> users to do an ssh tunnel to my proxy (squid).
>
> I'm on FreeBSD 7.2 i386 on an old machine (AMD Barton).
>
> Thx for your help.
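Added example (not part of the original message or of the scponly project): a small Python check for the two-daemon layout described above, confirming that no scponly account can log in to a daemon that still permits TCP forwarding. It models only the global Port, AllowUsers and AllowTcpForwarding lines; DenyUsers, the group directives, Match blocks and the host part of USER@HOST patterns are ignored, and REGULAR_OPEN is a constructed variant of the regular-user config.

```python
from fnmatch import fnmatchcase

# Constructed inputs: the two configs from the message, plus a variant of the
# regular-user config that lacks an AllowUsers line.
REGULAR = "AllowUsers alice bob trent\nAllowTcpForwarding yes\nPort 22\n"
SCPONLY = "AllowUsers scponly_user mallory\nAllowTcpForwarding no\nPort 2200\n"
REGULAR_OPEN = "AllowTcpForwarding yes\nPort 22\n"


def parse_sshd_config(text):
    """Read the global Port, AllowUsers and AllowTcpForwarding settings."""
    cfg = {"ports": [], "allowusers": [], "forwarding": None}
    for raw in text.splitlines():
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        key, args = parts[0].lower(), parts[1:]  # keywords are case-insensitive
        if key == "match":
            break  # only the global section is modelled here
        if key == "port" and args:
            cfg["ports"].append(int(args[0]))
        elif key == "allowusers":
            cfg["allowusers"].extend(args)  # space-separated patterns
        elif key == "allowtcpforwarding" and args and cfg["forwarding"] is None:
            cfg["forwarding"] = args[0].lower()  # first value obtained wins
    cfg["ports"] = cfg["ports"] or [22]  # sshd defaults
    cfg["forwarding"] = cfg["forwarding"] or "yes"
    return cfg


def may_login(cfg, user):
    """No AllowUsers line means every user is accepted by this daemon."""
    patterns = [p.split("@", 1)[0] for p in cfg["allowusers"]]
    return not patterns or any(fnmatchcase(user, p) for p in patterns)


def forwarding_exposure(configs, restricted_users):
    """List (user, port) pairs where a restricted user reaches a forwarding daemon."""
    findings = []
    for text in configs:
        cfg = parse_sshd_config(text)
        if cfg["forwarding"] == "no":
            continue
        for user in restricted_users:
            if may_login(cfg, user):
                findings.extend((user, port) for port in cfg["ports"])
    return findings


if __name__ == "__main__":
    for name, regular in (("as posted", REGULAR), ("no AllowUsers", REGULAR_OPEN)):
        print(name, forwarding_exposure([regular, SCPONLY], ["scponly_user", "mallory"]))
```

An empty result means the split holds; any pair returned names an account that could bypass the restricted daemon by connecting to the other port.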