ssh man page about 'tunnel' feature

Peter Stuge peter at stuge.se
Fri Mar 24 13:24:35 AEDT 2017


Catalin Patulea wrote:
> The following entry would permit connections on tun(4)
> device 1 from user "jane" and on tun device 2 from user "john",
> if PermitRootLogin is set to "forced-commands-only":
> 
> tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane
> tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john
> --
> 
> Is that true?

Yes.

> Can /root authorized_keys set keys for other users?

jane and john are not necessarily local users, they are usernames
in the comment fields of the two authorized public keys.

The comment by default reflects the current username on the system
where a key was generated.

If that happened to have been on the local system, then local users
jane and john are indeed authorized to create tunnels, but that use
case doesn't make much sense.


//Peter
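
The point made in the reply above, as an added example that is not part of the original post: a simplified Python parser for authorized_keys lines that lists which keys carry a tunnel= option and shows that the trailing name is only the key's comment field. The function names, the key-type regex and the sample file (with placeholder key blobs) are constructed for illustration.

```python
import re

# Key-type prefixes that mark a line with no options field (assumed, not exhaustive).
KEY_TYPE = re.compile(r"^(ssh-|ecdsa-sha2-|sk-)")

def split_outside_quotes(text, sep, maxsplit=-1):
    """Split on sep, ignoring separators inside double-quoted option values."""
    parts, cur, in_q, i = [], [], False, 0
    while i < len(text):
        c = text[i]
        if c == "\\" and in_q and i + 1 < len(text):  # keep escaped chars, e.g. \"
            cur.append(text[i:i + 2]); i += 2; continue
        if c == '"':
            in_q = not in_q
        if c == sep and not in_q and maxsplit != 0:
            parts.append("".join(cur)); cur = []; maxsplit -= 1
        else:
            cur.append(c)
        i += 1
    parts.append("".join(cur))
    return parts

def parse_entry(line):
    """Return options, key type, key blob and comment of one authorized_keys line."""
    line, options = line.strip(), {}
    if not KEY_TYPE.match(line):  # line starts with an options field
        opt_field, line = split_outside_quotes(line, " ", 1)
        for opt in split_outside_quotes(opt_field, ","):
            name, _, value = opt.partition("=")
            options[name.lower()] = value.strip('"') if value else True
    fields = line.split(None, 2)
    comment = fields[2] if len(fields) > 2 else ""
    return {"options": options, "keytype": fields[0], "blob": fields[1], "comment": comment}

def tunnel_grants(text):
    """List (tun device, forced command, key comment) for every tunnel= entry."""
    grants = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        e = parse_entry(line)
        if "tunnel" in e["options"]:
            grants.append((e["options"]["tunnel"], e["options"].get("command"), e["comment"]))
    return grants

# Constructed sample: the blobs are placeholders, the last field is a free-text label.
SAMPLE = '''tunnel="1",command="sh /etc/netstart tun1" ssh-rsa AAAAPLACEHOLDER1 jane
tunnel="2",command="sh /etc/netstart tun2" ssh-rsa AAAAPLACEHOLDER2 john
ssh-ed25519 AAAAPLACEHOLDER3 backup@host
'''

if __name__ == "__main__":
    for dev, cmd, label in tunnel_grants(SAMPLE):
        print(f"tun{dev}: forced command {cmd!r}, key labelled {label!r}")
```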

