
Re: SSH tunelling

Subject: Re: SSH tunelling
Date: Tue, 14 Sep 2004 10:09:18 +0100 (BST)
What you can do is use authorized_keys to control this with the
no-port-forwarding or permitopen="host:port" options.

I'd personally not want to use a potentially user editable file to control
this, and would rather use some centrally controlled file.

Of course, this brings in an interesting question about auditing that I've
yet to solve, about the setup and logging of tunnels and the user that did it.

Hopefully someone can help there too :)

Gareth



On Fri, 10 Sep 2004, Filip Fafara wrote:

Date: Fri, 10 Sep 2004 23:59:12 +0200 (CEST)
From: Filip Fafara <tazzek@tasak.org>
To: SSH Mailing List <secureshell@securityfocus.com>
Subject: SSH tunelling

Hi,
I have a problem and I was hoping you guys could help me. I have to
restrict a user on a sshd server
to be able to create only one specific tunnel. It looks like this:

clients-------sshd server---------app server

All clients share one user on sshd server and I don't want them to be able
to create tunnels to ports or hosts other than specific port
on app server. Is such a restriction possible to achieve at
the ssh layer, for example in sshd.conf, or ~/.ssh, or do I have to go and
play with the firewall?
I would really appreciate any advice and hints.

Filip
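
An added example, not part of the original thread: a small audit of an authorized_keys file that reports, for each key, whether port forwarding is disabled, limited to specific permitopen targets, or unrestricted. It also recognises the `restrict` and `port-forwarding` options from later OpenSSH releases; the key material, host names and key comments in the sample are constructed placeholders.

```python
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # prefixes of the key-type field

def split_options(line):
    """Split an entry into (options, rest); options end at unquoted whitespace."""
    if line.startswith(KEY_TYPES):
        return [], line
    opts, cur, quoted, i = [], "", False, 0
    while i < len(line):
        c = line[i]
        if quoted and c == "\\" and line[i + 1:i + 2] == '"':
            cur, i = cur + '"', i + 1      # escaped quote inside a value
        elif c == '"':
            quoted = not quoted
        elif c == "," and not quoted:
            opts.append(cur)
            cur = ""
        elif c in " \t" and not quoted:
            break
        else:
            cur += c
        i += 1
    return opts + [cur], line[i:].strip()

def forwarding_policy(line):
    """Return 'none', 'any', or the list of permitopen host:port targets."""
    allowed, targets = True, []
    for opt in split_options(line.strip())[0]:
        name, _, value = opt.partition("=")
        name = name.lower()
        if name in ("no-port-forwarding", "restrict"):
            allowed = False
        elif name == "port-forwarding":    # re-enables forwarding after restrict
            allowed = True
        elif name == "permitopen":
            targets.append(value)
    return "none" if not allowed else (targets or "any")

def audit(text):
    """Return (line_no, key_comment, policy) for every key entry in the text."""
    found = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#"):
            fields = split_options(line)[1].split()
            found.append((n, " ".join(fields[2:]), forwarding_policy(line)))
    return found

# Constructed sample: key material, host names and comments are placeholders.
SAMPLE = '''# authorized_keys for the shared tunnel account
permitopen="appserver:8080",no-pty ssh-rsa AAAAEXAMPLEKEY1 shared-tunnel
no-port-forwarding ssh-rsa AAAAEXAMPLEKEY2 backup
ssh-rsa AAAAEXAMPLEKEY3 admin
'''
```

Any entry reported as `any` can open tunnels to arbitrary hosts and ports, which is the case the original question wants to rule out for the shared account.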

