ssh man page about 'tunnel' feature

Peter Stuge peter at
Fri Mar 24 13:24:35 AEDT 2017

Catalin Patulea wrote:
> The following entry would permit connections on tun(4)
> device 1 from user "jane" and on tun device 2 from user "john",
> if PermitRootLogin is set to "forced-commands-only":
> tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane
> tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john
> --
> Is that true?


> Can /root authorized_keys set keys for other users?

jane and john are not neccessarily local users, they are usernames
in the comment fields of the two authorized public keys.

The comment by default reflects the current username on the system
where a key was generated.

If that happened to have been on the local system, then local users
jane and john are indeed authorized to create tunnels, but that use
case doesn't make much sense.


More information about the openssh-unix-dev mailing list