[Gllug] Disabling ssh port forwarding per user

Nix nix at esperi.org.uk
Fri Dec 9 22:14:25 UTC 2011

On 7 Dec 2011, Tethys . told this:

> I want to disable port/agent forwarding when logging in as a given
> user. In that user's authorized keys file, I can prefix each key with
> the relevant options:
> 	no-agent-forwarding,no-port-forwarding ssh-dss <my_public_key>

In sshd_config:

Match User blah
    AllowAgentForwarding no
    AllowTcpForwarding no

(This needs a fairly recent OpenSSH, as Match has been gaining the
ability to restrict more things on a per-user/per-address basis as time
goes by.)

NULL && (void)
Gllug mailing list  -  Gllug at gllug.org.uk

More information about the GLLUG mailing list