
Thread: scponly with chroot setup but user can STILL forward ports...

  1. #1
    Join Date
    Dec 2006
    Location
    /dev/null
    Beans
    351

    scponly with chroot setup but user can STILL forward ports...

    I'm using scponly and have chrooted a user to his home directory. I noticed however that I can ssh into the box enabling port forwarding, which is a dangerous security breach in my opinion. I'd like to have the ability to keep port forwarding for other users, but for the scponly user, I'd like to disallow ssh port forwarding. Anyone know how?

    Code:
    $ ssh nightshade -P 8081
    username@nightshade's password:
    Welcome to nightshade

  2. #2
    Join Date
    Dec 2006
    Location
    Chicago
    Beans
    3,839

    Re: scponly with chroot setup but user can STILL forward ports...

    I believe the only way to prevent TCP forwarding is to set AllowTcpForwarding, which is a global setting. If you need to disable it for only some users, then you will need to run a separate instance of sshd with a separate configuration file listening on a different port.

  3. #3
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: scponly with chroot setup but user can STILL forward ports...

    Quote Originally Posted by cdenley View Post
    I believe the only way to prevent TCP forwarding is to set AllowTcpForwarding, which is a global setting. If you need to disable it for only some users, then you will need to run a separate instance of sshd with a separate configuration file listening on a different port.
    Actually you can set it on a per-user basis if you use ssh keys. The documentation on this is hard to find, however.

    Search on "ssh forced commands".

    Basically on the server you add to your keys in ~/.ssh/authorized_keys

    command="scp",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty

    See this blog for how I set this up for an svn server:

    http://blog.bodhizazen.net/linux/svnssh/
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  4. #4
    Join Date
    Dec 2006
    Location
    /dev/null
    Beans
    351

    Re: scponly with chroot setup but user can STILL forward ports...

    Thanks for the replies, all. Turns out this can be accomplished by the addition of two new lines to the sshd_config:

    Code:
    Match user USERNAME
    AllowTcpForwarding no
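    Added example (not code from this thread, scponly or OpenSSH): a small Python model of how sshd resolves AllowTcpForwarding for a user through Match blocks, as in the fix above, together with a check of the authorized_keys key options from #3. The config fragment SAMPLE_SSHD_CONFIG and the user name scpuser are constructed; only "Match all" and "Match User" criteria are modelled, and Match precedence follows sshd_config(5): the first value found in a matching Match block wins over the global value, which wins over the default.

```python
import fnmatch

# Constructed sshd_config modelling the thread's fix (example data, not from the page).
SAMPLE_SSHD_CONFIG = "AllowTcpForwarding yes\nMatch User scpuser\n    AllowTcpForwarding no\n"

def _user_matches(patterns, user):
    """sshd pattern-list rule: a matching '!' pattern vetoes the whole list."""
    positive = False
    for pat in patterns.split(","):
        if pat.startswith("!") and fnmatch.fnmatchcase(user, pat[1:]):
            return False
        positive |= not pat.startswith("!") and fnmatch.fnmatchcase(user, pat)
    return positive

def resolve_allow_tcp_forwarding(config_text, user):
    """sshd precedence: first value in a matching Match block > global value > default 'yes'."""
    global_val = match_val = in_match = None   # in_match None: still in the global section
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, rest = (line.split(None, 1) + [""])[:2]
        if key.lower() == "match":            # only 'Match all' / 'Match User' are modelled
            crit = rest.split()
            if crit != ["all"] and (len(crit) != 2 or crit[0].lower() != "user"):
                raise ValueError(f"unsupported Match criteria: {crit}")
            in_match = crit == ["all"] or _user_matches(crit[1], user)
        elif key.lower() == "allowtcpforwarding":
            if in_match is None and global_val is None:
                global_val = rest.lower()                # first global value wins
            elif in_match and match_val is None:
                match_val = rest.lower()                 # first matching Match value wins
    return match_val or global_val or "yes"

def key_allows_port_forwarding(authorized_keys_line):
    """Option names precede the key type; a quoted value (command="...") may hold commas and
    spaces. no-port-forwarding always denies; restrict denies unless port-forwarding is listed."""
    names, buf, quoted = [], [], False
    for ch in authorized_keys_line:
        if ch == '"':
            quoted = not quoted
        elif quoted or not (ch == "," or ch.isspace()):
            buf.append(ch)
        else:
            names.append("".join(buf).split("=", 1)[0].lower())
            buf.clear()
            if ch.isspace(): break             # end of the options field
    if "no-port-forwarding" in names:
        return False
    return "port-forwarding" in names if "restrict" in names else True
```

On a real host the authoritative answer is the daemon's own view, e.g. `sshd -T -C user=USERNAME | grep -i allowtcpforwarding`.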
