Date: Sat, 23 Jul 2005 09:23:48 -0400 From: Hornet <hornetmadness@gmail.com> To: Trevor Sullivan <pcgeek86@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: Restrict Tunneling thru SSH Message-ID: <f42935a605072306236b52d3ce@mail.gmail.com> In-Reply-To: <42E15358.7010709@gmail.com> References: <42E04707.5050405@gmail.com> <f42935a6050721194824d33861@mail.gmail.com> <42E15358.7010709@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 7/22/05, Trevor Sullivan <pcgeek86@gmail.com> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: RIPEMD160 >=20 > Hornet wrote: >=20 > > On 7/21/05, Trevor Sullivan <pcgeek86@gmail.com> wrote: > > > >> Hello list, I am curious as to whether or not it is possible to > >> restrict certain users from tunneling traffic through SSH. I > >> would like to be able to tunnel my own traffic, but provide user > >> logins that are restricted from accessing the rest of my inside > >> network. Is it possible to restrict this by user? Thanks > >> > >> Trevor > > > > I'm pretty sure it is an all or nothing config option in sshd.conf > > in the global sense. But you can make specific options for specific > > hosts. > > > So could I possibly restrict SSH tunneling by IP (host)? I guess my > concern is that if I create a user account, it will be able to tunnel > to other machines on my network w/o restriction. Is the way to do this > maybe a DMZ or separate VLAN? >=20 > Trevor Yes, should be able to do this via your sshd config. I would recommend using webmin for this. I have not done this before, but it looks do able. Are your user going to be using ssh, or is this just a SMB box? If it is just a SMB box, then I would just set the shell account to "nologin" since that is separate from the SMB account. Also I guess you could set a up firewall and restrict the ports that can talk on the LAN. -Erik-
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?f42935a605072306236b52d3ce>