Re: Tunnel-only SSH keys

看板FB_security作者時間20年前 (2005/09/23 10:20), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串6/6 (看更多)
On Thu, Sep 22, 2005 at 06:09:59PM +0200, Jeremie Le Hen wrote: > Hi, > > > I once read somewhere that it's possible to limit SSH pubkeys to > > 'tunnel-only'. I can't seem to find any information about this > > in any of the usual places. > > > > I'm going to be deploying a few servers in a couple of days and > > I'd like them to log to a central server over an SSH tunnel (using > > syslog-ng) however I'd like to prevent actual logins (hence > > 'tunnel-only'). > > > > Can this be done with OpenSSH? I'd like to try and stay away from > > the complexities of a chrooted-stunnel for now... > > I think you can use /bin/false as shell, and then use ``ssh -nN'' > from the client. I've not tested this, but I guess this should > work. See this discussion: http://www.blacksheepnetworks.com/security/hack/scponly.txt > Regards, > -- > Jeremie Le Hen > < jeremie at le-hen dot org >< ttz at chchile dot org > -- Brian Reichert <reichert@numachi.com> 55 Crystal Ave. #286 Daytime number: (603) 434-6842 Derry NH 03038-1725 USA BSD admin/developer at large _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 reichert. 的文章
文章代碼(AID): #13CsQ400 (FB_security)
更多 reichert. 的文章
文章代碼(AID): #13CsQ400 (FB_security)