[Gllug] Limiting SSH access

Tethys tet at accucard.com
Thu Apr 3 09:14:09 UTC 2003


"French, Alastair" writes:

>We have a Linux box inside our LAN (the rest is running NT/2K) with ssh
>enabled for external access. Is there a way that we can restrict anyone
>ssh'ing to that machine so that they cannot gain access to any other part of
>the network?

Not easily. For what do they need access to the Linux box? Could you,
for example, set up ssh keys that restrict the commands they can run?

As others have suggested, you could set up a chrooted jail with only
approved programs in it. Or you could consider something like VMWare
or UML, where you have a guest OS hosted on the box, and you'd let
them ssh into that instead of the real box. You'd then ensure the
guest only had native networking to the outside world, and put
firewalling on the host OS to drop all packets from the guest OS
destined for your internal networks.

Tet

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
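
The reply's first suggestion, ssh keys that restrict the commands a user can run, as an added example that is not part of the original post: a forced-command wrapper for OpenSSH's authorized_keys `command=` option. The script path, the key and the allowlist entries are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed authorized_keys entry (script path and key are placeholders):
#   command="/usr/local/bin/ssh-gate.sh run",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-ed25519 AAAA...PLACEHOLDER user@example
# sshd then runs this script for every login with that key and passes the
# command the client asked for in SSH_ORIGINAL_COMMAND.

# Hypothetical allowlist, one exact command line per entry.
ALLOWED_COMMANDS='uptime
df -h
tail -n 50 /var/log/app/status.log'

# is_allowed REQUEST: succeed only if REQUEST is exactly one allowlist entry.
is_allowed() {
    request=$1
    # An empty request is a request for an interactive shell: refuse.
    [ -n "$request" ] || return 1
    # grep treats a newline in the pattern as several patterns, so refuse it.
    case $request in
        *'
'*) return 1 ;;
    esac
    # -x: whole line, -F: fixed string, --: request may start with a dash.
    printf '%s\n' "$ALLOWED_COMMANDS" | grep -qxF -- "$request"
}

# gate: run the requested command if allowed, otherwise log and refuse.
gate() {
    if is_allowed "${SSH_ORIGINAL_COMMAND:-}"; then
        # The string is byte-for-byte one of our own entries.
        exec /bin/sh -c "$SSH_ORIGINAL_COMMAND"
    fi
    logger -t ssh-gate "refused command from ${SSH_CONNECTION:-unknown}" 2>/dev/null
    echo "command not permitted" >&2
    exit 1
}

# Only act when invoked as the forced command ("run" argument above).
if [ "${1:-}" = run ]; then
    gate
fi
```

The `no-port-forwarding` option is what stops the key being used to tunnel to other hosts on the LAN; the allowlisted programs themselves must not offer shell escapes or act as network clients.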



