[scponly] [Re: Re: scponly and tunneling]
Sami Ilekti
sami at gimo.co.uk
Fri Oct 23 16:26:21 EDT 2009
For information:
You are totally right, but FreeBSD 7.2's ssh supports "per-user settings".
At the end of sshd_config you have:
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
Then I disable TcpForwarding and authorize only certain users.
GGGGGreat it's working.
Happy Sami.
wbr oblyr wrote:
> Hi Sami,
>
> Actually, I believe the TCP redirection is controlled by the sshd
> config file without regard for which user may be connected. (I believe
> the directive is called "AllowTcpForwarding" in sshd_config).
>
> In other words, if AllowTcpForwarding is turned on, any/all users,
> including scponly users, can use redirection.
>
> If this isn't acceptable (and I can see how some people might object),
> one alternative is to run two sshd daemons on different ports with
> different configuration files, which might look something like this:
>
> regular user config file:
> AllowUsers alice bob trent
> AllowTcpForwarding yes
> Port 22
>
> scponly user config file:
> AllowUsers scponly_user mallory
> AllowTcpForwarding no
> Port 2200
>
> Hope this is helpful...
>
> joe
>
>
> On Fri, Oct 23, 2009 at 10:15 AM, Sami Ilekti <sami at gimo.co.uk> wrote:
>
>> Hello everybody,
>>
>> I don't know if it's possible but I would like to authorize one of my scponly
>> users to do an ssh tunnel to my proxy (squid).
>>
>> I'm on FreeBSD 7.2 i386 on an old machine (AMD Barton).
>>
>> Thx for your help.
>>
>>
>> _______________________________________________
>> scponly mailing list
>> scponly at lists.ccs.neu.edu
>> https://lists.ccs.neu.edu/bin/listinfo/scponly
>>
>>
>>
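An added example, not part of the original thread: a small auditor that resolves which accounts end up with `AllowTcpForwarding` enabled once `Match User` blocks are applied, following the override order sshd_config(5) documents. It models `Match User` only; the sample config, the user names in it and the `PermitOpen` address are constructed.

```python
import fnmatch

# Constructed sample: forwarding off globally, re-enabled for one account only.
SAMPLE_CONFIG = """\
Port 22
AllowTcpForwarding no
#Match User anoncvs
#	AllowTcpForwarding no
Match User alice
	AllowTcpForwarding yes
	PermitOpen 127.0.0.1:3128
Match User scponly_*,!alice
	AllowTcpForwarding no
"""

def user_matches(pattern_list, user):
    """Comma-separated glob list; a hit on a '!pattern' entry always loses."""
    matched = False
    for pat in (p.strip() for p in pattern_list.split(",")):
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(user, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(user, pat):
            matched = True
    return matched

def effective_settings(config_text, user):
    """First value wins inside the global section and across the matching
    Match blocks; values from Match blocks override the global ones."""
    global_opts, match_opts = {}, {}
    target = global_opts
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if key == "match":
            crit = value.split(None, 1)
            # Simplification: any criterion other than "User" is skipped.
            hit = len(crit) == 2 and crit[0].lower() == "user" and user_matches(crit[1], user)
            target = match_opts if hit else None
        elif target is not None:
            target.setdefault(key, value)
    return {**global_opts, **match_opts}

def can_forward(config_text, user):
    # OpenSSH treats an unset AllowTcpForwarding as "yes".
    return effective_settings(config_text, user).get("allowtcpforwarding", "yes").lower() != "no"
```
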