[Gllug] Limiting SSH access

[John Hearns]

On Thu, 2003-04-03 at 08:31, French, Alastair wrote:
> Hi all
> 
> We have linux box inside our Lan (the rest is running NT/2K) with ssh
> enabled for external access. Is there a way that we can restrict anyone
> ssh'ing to that machine so that they cannot gain access to any other part of
> the network?
> 

What utilites does the person who comes in via ssh need?
Maybe you could set up a chrooted environment, with only the bare
minimum set of binaries available.

I guess though that the answer from GLLUG will be:
"All well and good - but a smart person can do xxxyyy to break out of a
chroot jail"

I suppose it is a balance of probabilities - if it is important enough
for you to let in (say) a customer or engineer via ssh, you might judge 
a small risk to be acceptable.



-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug