Hi all,

I have a server where I allow some people to do SSH port forwarding for SVN, GIT, since I need to do that to access these services in certain locations. I can't access SVN ports in some work locations.

Thing is, I also give specific access to some user accounts, mainly the git and svn users, to some people I don't fully trust to have access to my VNC server, which is without a password since it doesn't make any sense to have one there either way. If someone tries to tunnel the VNC port with any user other than the one running the VNC session, they have full access to that session and the computer.

The idea is to be able to limit both svn and git users to tunnel only to the service-specific port. I know I have done this once but can't seem to find the right options now.

What can I do? I want to open all ports to some users but limit some for the rest (3-4 different user accounts).

Best regards,
Tiago Marques

Tiago Marques wrote:
> What can I do? I want to open all ports to some users but limit
> some for the rest(3-4 different user accounts).

One way is to use permitopen= in authorized_keys. Then you even get a
setting per key.

//Peter

On 25 Feb, 14:59, pe... at stuge.se (Peter Stuge) wrote:
> Tiago Marques wrote:
> > What can I do? I want to open all ports to some users but limit
> > some for the rest(3-4 different user accounts).
>
> One way is to use permitopen= in authorized_keys. Then you even get a
> setting per key.

AFAIK, this is done in the user account's authorized_keys file and, hence, not secure.
From what I've read on the web, I need to set the immutable flag on the file, so it is secure. Can't this be done in a better way?

Best regards,
Tiago Marques

> //Peter
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-... at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
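
An added example, not part of the thread or of OpenSSH: a small audit that parses authorized_keys lines and reports which keys are confined by permitopen= to an allowed set of forwarding targets. The port numbers, key comments and key blobs are constructed assumptions, and the check covers only the permitopen, no-port-forwarding and restrict options.

```python
import re

KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-ssh-", "sk-ecdsa-")  # start of the key field
# Assumed targets: svnserve (3690) and git daemon (9418) on the server itself.
ALLOWED = {"localhost:3690", "localhost:9418"}
SAMPLE = '''# constructed sample; key blobs are placeholders
permitopen="localhost:3690" ssh-ed25519 AAAAC3PLACEHOLDER1 svn-alice
permitopen="localhost:9418",permitopen="localhost:5900" ssh-ed25519 AAAAC3PLACEHOLDER2 git-bob
ssh-ed25519 AAAAC3PLACEHOLDER3 git-carol
no-port-forwarding,command="echo hi, there" ssh-rsa AAAAB3PLACEHOLDER4 svn-dave
'''

def split_options(line):
    """Split one authorized_keys line into (options, remainder)."""
    line = line.strip()
    if line.startswith(KEY_TYPES):
        return "", line                      # no options field present
    in_quotes, i = False, 0
    while i < len(line):
        if line[i] == "\\" and in_quotes:
            i += 2                           # skip an escaped character such as \"
            continue
        if line[i] == '"':
            in_quotes = not in_quotes
        elif line[i] in " \t" and not in_quotes:
            return line[:i], line[i:].strip()
        i += 1
    return line, ""

def audit(text, allowed=ALLOWED):
    """Return {key comment: verdict} for every key line in text."""
    report = {}
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        options, rest = split_options(raw)
        who = " ".join(rest.split()[2:]) or "(no comment)"
        targets = re.findall(r'permitopen="([^"]*)"', options, re.I)
        bare = re.sub(r'"(?:\\.|[^"\\])*"', '""', options)   # hide quoted values
        names = {o.split("=")[0].lower() for o in bare.split(",") if o}
        extra = sorted(set(targets) - allowed)
        blocked = "no-port-forwarding" in names or (
            "restrict" in names and "port-forwarding" not in names)
        report[who] = ("forwarding disabled" if blocked
                       else "unrestricted" if not targets
                       else "too broad: " + ", ".join(extra) if extra else "ok")
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

For a restriction the account owner cannot edit, sshd_config also accepts a `PermitOpen` directive inside a `Match User` block.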