[Gllug] Disabling ssh port forwarding per user

Tethys . tethys at gmail.com
Wed Dec 7 16:08:37 UTC 2011

I want to disable port/agent forwarding when logging in as a given
user. In that user's authorized keys file, I can prefix each key with
the relevant options:

	no-agent-forwarding,no-port-forwarding ssh-dss <my_public_key>

However, this is somewhat clumsy. I'm effectively having to restrict
it per client-side user and thus I need to add the relevant options
whenever I add a new public key, where what I really want to do is
restrict it per server-side user so I only need to do it once. It also
doesn't prevent port forwarding when logging in with a password. Is it
possible to do those two things (with openssh)?


"Java is a DSL for taking large XML files and converting them to stack
traces" -- Bulat Shakirzyanov
Gllug mailing list  -  Gllug at gllug.org.uk

More information about the GLLUG mailing list