"Stanislav Meduna" <stano at meduna.org>
wrote:>
>We are using the AllowUsers feature of sshd and would like to control
>which users can ask for forwarding of which ports. E.g. when the
>user is foo, allow him to tunnel connections to bar:5678 and baz:7654,
>but no shell (or some dummy shell) and no other forwardings.
I have a patch that is sort-of going in this direction, although it
isn't as flexible as I would like. Part of it allows you to control
which port forwardings are allowed; another part allows you to control
which features are available for users with a restricted shell. I
think the auth_restricted() hook that I added is a reasonable first
step towards proper generalization.
http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=104387691708672
Tony.
--
f.a.n.finch <dot at dotat.at> http://dotat.at/
CAPE WRATH TO RATTRAY HEAD INCLUDING ORKNEY: SOUTH OR SOUTHEAST 5 TO 7,
PERHAPS GALE 8 LATER AROUND ORKNEY. FAIR. MODERATE OR GOOD. MODERATE SHELTERED
WATERS, OTHERWISE ROUGH PERHAPS VERY ROUGH IN EAST.