[Gllug] Disabling ssh port forwarding per user
Nix
nix at esperi.org.uk
Fri Dec 9 22:14:25 UTC 2011
On 7 Dec 2011, Tethys . told this:
> I want to disable port/agent forwarding when logging in as a given
> user. In that user's authorized keys file, I can prefix each key with
> the relevant options:
>
> no-agent-forwarding,no-port-forwarding ssh-dss <my_public_key>
In sshd_config:
Match User blah
AllowAgentForwarding no
AllowTcpForwarding no
(This needs a fairly recent OpenSSH, as Match has been gaining the
ability to restrict more things on a per-user/per-address basis as time
goes by.)
--
NULL && (void)
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list