Is there any way to hook the point when channel port listener accepts a new connection?

Alex Bligh alex at alex.org.uk
Fri Jan 22 21:15:33 EST 2010
--On 22 January 2010 15:32:02 +0800 yingyuan cheng 
<yingyuan.cheng at gmail.com> wrote:

> If no login shell exists when a forwarding request comes in, is it
> possible to ignore or close the incoming request?
>
> I want to use one system account to provide tunnels for hundreds of
> users; how can I make things easier?

I think the easiest way to do this is to give them all the same
system account (UID), but to give them all different public
keys. You can then use the authenticate by key stuff to
present different parameters. You can disable any sort
of interactive login, shell, ability to run commands etc.,
and just allow them to tunnel. I've got this working with
tunnels before.

The main problem if you are using tun device tunnels is that
you often want a script to set them up, and it is near
impossible to get the server tun device name when they
log in from a (fixed) script you run. I posted a patch
here to put this in an environment variable.

-- 
Alex Bligh
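The arrangement described in the reply above, one UID, one authorized_keys entry per person and nothing but forwarding allowed, as an added example that is not code from this thread or from OpenSSH. The script generates such entries and audits an existing authorized_keys file for entries that would still let a key holder run a command or get a shell. The option names (restrict, port-forwarding, permitopen, tunnel, command) are the ones documented in sshd(8); the account name, the key blobs and the host:port targets are constructed placeholders. Note that `tunnel="n"` pins the tun(4) device number used for that key, and sshd_config must still set PermitTunnel for tun forwarding to be offered at all.

```python
"""Per-key restrictions for a shared, tunnel-only SSH account (added example)."""

KEY_TYPES = {
    "ssh-ed25519", "ssh-rsa", "ssh-dss",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
    "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com",
}
# Options that give the key holder more than a tunnel (sshd applies
# options left to right, so these are flagged wherever they appear).
UNSAFE_OPTIONS = ("pty", "agent-forwarding", "x11-forwarding", "user-rc")


def tunnel_key_line(pubkey, permitopen=(), tun=None, label=""):
    """One authorized_keys line that permits only forwarding for `pubkey`.

    'restrict' switches off PTY allocation, agent/X11/TCP forwarding and
    ~/.ssh/rc; later options re-enable only what this key needs.
    permitopen: host:port targets allowed for -L forwards.
    tun: tun(4) device number pinned with tunnel="n" (PermitTunnel must allow it).
    """
    opts = ["restrict"]
    if permitopen:
        opts.append("port-forwarding")
        opts.extend(f'permitopen="{target}"' for target in permitopen)
    if tun is not None:
        opts.append(f'tunnel="{int(tun)}"')
    # 'restrict' does not stop command execution, so force a harmless one.
    # /bin/false exits at once, which is why clients must connect with -N.
    opts.append('command="/bin/false"')
    keytype, blob = pubkey.split()[:2]
    return " ".join(filter(None, [",".join(opts), keytype, blob, label]))


def split_unquoted(s, seps):
    """Split s on any char in seps that is outside double quotes (escapes kept)."""
    parts, cur, inq, i = [], [], False, 0
    while i < len(s):
        ch = s[i]
        if inq and ch == "\\" and i + 1 < len(s):
            cur.append(s[i:i + 2]); i += 2; continue
        if ch == '"':
            inq = not inq
        if ch in seps and not inq:
            parts.append("".join(cur)); cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts


def parse_entry(line):
    """Return (options, keytype, blob, comment), or None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = [f for f in split_unquoted(line, " \t") if f]
    if fields[0] in KEY_TYPES:            # no options prefix
        opts, rest = [], fields
    else:
        opts, rest = [o for o in split_unquoted(fields[0], ",") if o], fields[1:]
    if len(rest) < 2 or rest[0] not in KEY_TYPES:
        raise ValueError(f"unparseable entry: {line[:40]!r}")
    keytype, blob, *comment = rest
    return opts, keytype, blob, " ".join(comment)


def audit_entry(opts):
    """Problems that would let this key do more than tunnel; empty list means OK."""
    names = [o.split("=", 1)[0].lower() for o in opts]
    problems = []
    if "restrict" not in names:
        problems.append("missing 'restrict'")
    problems += [f"'{bad}' re-enabled" for bad in UNSAFE_OPTIONS if bad in names]
    if "port-forwarding" in names and "permitopen" not in names:
        problems.append("port-forwarding without permitopen (any host:port reachable)")
    if "command" not in names:
        problems.append("no forced command: key holder can run commands")
    return problems


def audit_authorized_keys(text):
    """Map each entry's comment (or blob prefix) to its list of problems."""
    report = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is not None:
            opts, _keytype, blob, comment = entry
            report[comment or blob[:16]] = audit_entry(opts)
    return report


# Constructed placeholder key blobs, not real keys.
ALICE = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEaliceKEYBLOBxxxxxxxxxxxxxxxxxxx"
BOB = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEbobKEYBLOBxxxxxxxxxxxxxxxxxxxxx"

SAMPLE_FILE = "\n".join([
    "# shared account 'tunnel': one key per person",
    tunnel_key_line(ALICE, permitopen=("127.0.0.1:5901",), label="alice"),
    tunnel_key_line(BOB, tun=5, label="bob"),
    # A pre-existing, over-generous entry: shell and forwarding still allowed.
    "no-X11-forwarding " + BOB.replace("bob", "carol") + " carol",
])

if __name__ == "__main__":
    for who, problems in audit_authorized_keys(SAMPLE_FILE).items():
        print(f"{who}: {'OK' if not problems else '; '.join(problems)}")
```

Each person then connects as the shared account with their own key and `ssh -N` (for example `ssh -N -L 5901:127.0.0.1:5901 tunnel@server`, or `-w` for a tun device); a session without `-N` runs the forced command and is closed. The audit is deliberately conservative: it treats any `pty`, agent or X11 option as a finding regardless of position, and it insists on a forced command because `restrict` alone still allows `ssh tunnel@server some-command`.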