search for: authpf

Displaying 11 results from an estimated 11 matches for "authpf".

2015 Nov 26
2
How disable forwarding-only connections (i.e. non-shell/command non-sftp connections)? (Maybe this is a feature request!)
...y abuse > AuthorizedKeysCommand in sshd_config. As in key files. Could be partially interesting to know how a passthrough script would look for it, but, if an all-encompassing way could be worked out it would be better i.e. that supports password logins too. > This sounds a bit like what authpf[1] does. I imagine you could write > firewall rules to block outgoing tcp connections from sshd until after > authpf runs, if that is an option for you. (That sounds like a very indirect approach, in particular as it would cover only some connections?) > > [1] http://www.openbsd.or...
2015 Nov 26
2
How disable forwarding-only connections (i.e. non-shell/command non-sftp connections)? (Maybe this is a feature request!)
...'t answer this. Register the login to the group's login database. >> How would you do it using bsdauth? >> >> (PAM seems very redundant to install on OBSD.) > > You are using OpenBSD or something else? OpenBSD. > [...] >>> This sounds a bit like what authpf[1] does. I imagine you could >>> write >>> firewall rules to block outgoing tcp connections from sshd until >>> after >>> authpf runs, if that is an option for you. >> >> (That sounds like a very indirect approach, in particular as it would >...
2013 Jul 05
2
Trouble with -W
I want to ssh from a client to a machine on a closed network via a jumphost; let's call them {client,internal,jumphost}.example.com. I have authpf set up on the jumphost so that when logged in, I am allowed to open TCP connections from the jumphost to port 22 on internal nodes. This works well with port forwarding: des at client ~% ssh -L2222:internal.example.com:22 jumphost.example.com but I'd rather use ProxyCommand, so I add someth...
2015 Nov 26
2
How disable forwarding-only connections (i.e. non-shell/command non-sftp connections)? (Maybe this is a feature request!)
On 2015-11-26 13:03, Darren Tucker wrote: > On Thu, Nov 26, 2015 at 3:41 PM, Tinker <tinkr at openmailbox.org> wrote: >> What I am looking for is an SSHD configuration where every >> successfully >> authenticated connection also guaranteedly will lead to a >> ForcedCommand >> invocation. > [...] >> Is this possible? > > I don't think
2011 Jun 09
5
ultrasecure sshd server
Hi, How to configure sshd to require both ssh public key and user password also? yes, stupid, but required on my setup.. -- Eero
2007 Apr 02
1
Stronger security with BSD Firewall and Freeradius
I've seen that it is possible to use switch port blocking with freeradius and cisco switches via 802.1X and EAP protocol. Here is more info: http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO What if I don't have a switch that supports 802.1X or I want that blocking is done by FreeBSD, not the switch. Because FreeBSD is the firewall or gateway to some networks. Is there
2013 Jan 14
2
[Bug 2062] New: Add support for a ForceShell sshd option
...chment.cgi?id=2207&action=edit Add a ForceShell option to override the user's shell This patch adds a ForceShell option to sshd to override the user's shell. This can be used in a Match block to conditionally replace the user's shell with a restricted shell such as rksh, scponly or authpf. For example, Match Address !192.168.10.0/24 ForceShell /usr/sbin/authpf This provides more flexibility than merely changing the user's shell in the passwd file. It also makes it possible to override the shell when LDAP or NIS is used for user information. -- You are receivi...
2012 Jun 01
2
ssh & control groups
Hi List, I am looking for an option for sshd to start user's shell (when logging in interactively to a remote host) in a control group via cgexec - so for example: /bin/cgexec -g <username> /bin/bash This would be extremely handy on linux Terminal servers to control users access to the system resources (protect system from a malicious user hogging the machine by running cpu/memory
2005 Sep 16
4
getent and wbinfo not returning expected results?
Hello, For some time now have been trying to connect a Samba-3.0.14a-0.4 server running on SuSE Ent 9 linux server to our Exchange 2003 (running on Server 2003 Std w/ SP1) server which is also the AD server for our domain. I can connect to the shares using the AD as the authentication source, so the basic functionality is there but some command output does not show in the way I expect
2008 Aug 21
12
machine hangs on occasion - correlated with ssh break-in attempts
Hello! A machine I manage remotely for a friend comes under a distributed ssh break-in attack every once in a while. Annoyed (and alarmed) by the messages like: Aug 12 10:21:17 symbion sshd[4333]: Invalid user mythtv from 85.234.158.180 Aug 12 10:21:18 symbion sshd[4335]: Invalid user mythtv from 85.234.158.180 Aug 12 10:21:20 symbion sshd[4337]: Invalid user mythtv from 85.234.158.180 Aug 12
2008 Aug 21
12
machine hangs on occasion - correlated with ssh break-in attempts
Hello! A machine I manage remotely for a friend comes under a distributed ssh break-in attack every once in a while. Annoyed (and alarmed) by the messages like: Aug 12 10:21:17 symbion sshd[4333]: Invalid user mythtv from 85.234.158.180 Aug 12 10:21:18 symbion sshd[4335]: Invalid user mythtv from 85.234.158.180 Aug 12 10:21:20 symbion sshd[4337]: Invalid user mythtv from 85.234.158.180 Aug 12