Disabling specific port-forwarding
Tiago Marques
tiagomnm at gmail.com
Mon Mar 9 09:35:46 EST 2009
On a per user basis also? I need per-user permitopen.
Best regards,
Tiago Marques
On Sun, Mar 8, 2009 at 8:42 PM, Damien Miller <djm at mindrot.org> wrote:
> On Sun, 8 Mar 2009, Tiago Marques wrote:
>
> > On 25 Fev, 14:59, pe... at stuge.se (Peter Stuge) wrote:
> > > Tiago Marques wrote:
> > > > What can I do? I want to open all ports to some users but limit
> > > > some for the rest(3-4 different user accounts).
> > >
> > > One way is to use permitopen= in authorized_keys. Then you even get
> > >a
> >
> > > setting per key.
> >
> > AFAIK, this is done in the user accounts authorized_keys file and,
> > hence, not secure.
> >
> > >From what I've read on the web, I need to set the immutable flag on
> > the file, so it is secure. Can't this be done in a better way?
>
> PermitOpen is supported in sshd_config for a few releases now.
>
> -d
>
More information about the openssh-unix-dev
mailing list