Re: Tunnel-only SSH keys

Board: FB_security, posted 2005/09/23 10:20
On Thu, Sep 22, 2005 at 09:22:38AM -0700, David Wolfskill wrote:
> On Thu, Sep 22, 2005 at 04:27:18PM +0100, markzero wrote:
> > Hello.
> >
> > I once read somewhere that it's possible to limit SSH pubkeys to
> > 'tunnel-only'. I can't seem to find any information about this
> > in any of the usual places.
> > ...
> > Can this be done with OpenSSH? I'd like to try and stay away from
> > the complexities of a chrooted-stunnel for now...
>
> See the section "AUTHORIZED_KEYS FILE FORMAT" in the sshd man page.
>
> There is also a discussion of this in the O'Reilly _SSH_ book.

Sorry for the arm-wave (in that I don't have the details of this
rumor), but I recall it's possible, via a client, to screw with the
remote environment, as to supply a different shell; that would affect
these tactics, perhaps.

> Peace,
> david
> --
> David H. Wolfskill david@catwhisker.org
> Prediction is difficult, especially if it involves the future. -- Niels Bohr

--
Brian Reichert <reichert@numachi.com>
55 Crystal Ave. #286 Daytime number: (603) 434-6842
Derry NH 03038-1725 USA BSD admin/developer at large
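
An added example, not part of the original thread: a Python check that parses the options field from the sshd man page section cited above and reports which restrictions a forwarding-only key lacks, including the environment option that bears on the concern raised in the reply. The option names are those documented in sshd(8) and sshd_config(5); the sample lines, key blobs and the policy of what counts as "tunnel-only" are assumptions made for illustration.

```python
import re

# Added example, not from the thread. Option names are those documented in
# sshd(8), "AUTHORIZED_KEYS FILE FORMAT"; the key blobs below are constructed.
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:[^"\\]|\\.)*)")?')
KEY_TYPE = re.compile(r"(ssh-|ecdsa-|sk-)\S+$")
NO_FLAGS = ("no-pty", "no-agent-forwarding", "no-x11-forwarding")

def parse_options(line):
    """Return {option: [values]} for one authorized_keys line.
    Quoted values may contain commas and spaces, so a plain split is wrong."""
    line = line.strip()
    if KEY_TYPE.match(line.split(None, 1)[0]):
        return {}  # line starts with the key type: no options field
    opts, pos = {}, 0
    while True:
        m = OPTION.match(line, pos)
        if not m:
            raise ValueError("malformed options field at column %d" % pos)
        opts.setdefault(m.group(1).lower(), []).append(m.group(2))
        pos = m.end()
        if line[pos:pos + 1] != ",":
            return opts
        pos += 1

def audit_tunnel_key(line):
    """List the ways this key is less restricted than a forwarding-only key."""
    opts = parse_options(line)
    findings = []
    for flag in NO_FLAGS:
        # "restrict" (newer OpenSSH) implies all of the no-* flags.
        if flag not in opts and "restrict" not in opts:
            findings.append("missing " + flag)
    if "command" not in opts:
        findings.append("no forced command: client chooses what runs")
    if "permitopen" not in opts:
        findings.append("no permitopen: forwards to any host:port")
    if "environment" in opts:
        findings.append("environment= set: honoured if PermitUserEnvironment is on")
    return findings

LOCKED = ('command="/usr/bin/false",no-pty,no-agent-forwarding,no-X11-forwarding,'
          'permitopen="127.0.0.1:5432" ssh-rsa AAAAEXAMPLE tunnel@constructed')
LOOSE = 'environment="PATH=/tmp/bin",no-pty ssh-rsa AAAAEXAMPLE user@constructed'
BARE = "ssh-rsa AAAAEXAMPLE user@constructed"

if __name__ == "__main__":
    for name, line in (("LOCKED", LOCKED), ("LOOSE", LOOSE), ("BARE", BARE)):
        print(name, audit_tunnel_key(line) or "ok")
```
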
Article code (AID): #13CsQ300 (FB_security)