Limit access via openssh?
René Berber
r.berber@computer.org
Wed Nov 14 21:20:00 GMT 2007
Tony Benham wrote:
> This isn't strictly a cygwin question, but I'm using cygwin ssh implementation.
> I have an external user that uses ssh & public key to open a tunnel to my
> windows server running cygwin. They use the tunnel to connect to an apache
> server inside our network. This all works fine. What I want to do is to limit
> their access to only the apache server, and prevent them opening terminals on
> our server ?
> Is this possible ?
Yes. The way to do it is using the options on the authorized_keys file,
see 'man 8 sshd' section 'AUTHORIZED_KEYS FILE FORMAT'.
The format of ~/.ssh/authorized_keys is:
TYPE KEY COMMENT
you use the format with options:
options TYPE KEY COMMENT
where, in your case, options are:
no-pty,no-X11-forwarding,no-agent-forwarding,permitopen="host:port"
(change host:port to the values used by your tunnel).
--
René Berber
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
More information about the Cygwin
mailing list