Mail Archives: cygwin/2007/03/04/16:42:56

Date: Sun, 4 Mar 2007 23:42:32 +0200
Message-Id: <200703042142.l24LgW8e016374@beta.mvs.co.il>
From: "Ehud Karni" <ehud AT unix DOT mvs DOT co DOT il>
To: skatingrox2 AT gmail DOT com
Cc: "cygwin" <cygwin AT cygwin DOT com>
Subject: Re: Remove user access to local drives?
In-reply-to: <45EA2CDF.3020700@gmail.com> (message from Francis on Sat, 03 Mar 2007 21:20:15 -0500)
Reply-to: ehud AT unix DOT mvs DOT co DOT il
References: <loom DOT 20070227T203610-344 AT post DOT gmane DOT org> <200703011428 DOT l21ESF4S026963 AT beta DOT mvs DOT co DOT il> <45EA2CDF DOT 3020700 AT gmail DOT com>

On Sat, 03 Mar 2007 21:20:15 Francis wrote:
>
> Ehud:

Please mail to the list, not to me ONLY.

> I apologize for being an inexperienced cygwin user, but how would I
> restrict the SSH user to one command only? Which command would PuTTY use
> to tunnel through to a remote host?

Please read the `ssh' and `sshd' man page.
This is not specific to Cygwin, so you better google for it.

You asked 2 questions.
1. You control the command a user can run by prefixing a restriction
   to his/her key in the authorized_keys file. Something like:
       command="exec dots.sh" ssh-dss AAAA....
   You can add other restrictions there, like: permitopen="vnchost:5900"
   which will allow connection only to this host and port.

2. To tunnel to another machine you need to do "port forwarding". With
   UNIX (Cygwin) ssh, you do it with the -L switch. I know you can do
   it with PuTTY, but it is done with its menus.

It seems that you need a restriction like this:
   command="sleep 90",no-pty,permitopen="host1:port1",permitopen="host2:port2" <key>

Please note: The restrictions are key dependent; they will not apply if
the user logs in with a password, so change the /etc/sshd_config option
"PasswordAuthentication" to No!

And again, read the `ssh' and `sshd' man page.

Ehud.


--
 Ehud Karni           Tel: +972-3-7966-561  /"\
 Mivtach - Simon      Fax: +972-3-7966-667  \ /  ASCII Ribbon Campaign
 Insurance agencies   (USA) voice mail and   X   Against   HTML   Mail
 http://www.mvs.co.il  FAX:  1-815-5509341  / \
 GnuPG: 98EA398D <http://www.keyserver.net/>    Better Safe Than Sorry
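
Added example, not part of the original message or of Cygwin/OpenSSH: a small Python audit that parses authorized_keys option prefixes (including quoted values containing commas) and reports keys lacking the command=, no-pty or permitopen= restrictions described above, plus an sshd_config that still allows password logins. The function names and sample data are constructed for illustration, and sshd_config "Match" blocks are not evaluated.

```python
import re

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")   # a line starting with a key type has no options
REQUIRED = ("command", "no-pty", "permitopen")   # the restrictions named in the message
OPTION_RE = re.compile(r'([A-Za-z-]+)(?:="((?:[^"\\]|\\.)*)")?(?:,|$)')

def parse_entry(line):
    """Return {option: [values]} for one authorized_keys line, None for blanks/comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.startswith(KEY_TYPES):
        return {}
    i, quoted = 0, False
    while i < len(line):                 # options end at the first unquoted whitespace
        if line[i] == "\\" and quoted:
            i += 1                       # skip the escaped character
        elif line[i] == '"':
            quoted = not quoted
        elif line[i].isspace() and not quoted:
            break
        i += 1
    opts = {}
    for name, value in OPTION_RE.findall(line[:i]):
        opts.setdefault(name.lower(), []).append(value)
    return opts

def password_auth_enabled(sshd_config):
    """The first PasswordAuthentication value wins; the sshd default is yes."""
    for raw in sshd_config.splitlines():
        words = raw.split("#", 1)[0].split()
        if len(words) >= 2 and words[0].lower() == "passwordauthentication":
            return words[1].lower() != "no"
    return True

def audit(authorized_keys, sshd_config):
    findings = []
    for n, line in enumerate(authorized_keys.splitlines(), 1):
        opts = parse_entry(line)
        missing = [o for o in REQUIRED if opts is not None and o not in opts]
        if missing:
            findings.append(f"line {n}: missing {', '.join(missing)}")
    if password_auth_enabled(sshd_config):
        findings.append("sshd_config: password logins bypass key restrictions")
    return findings

# Constructed sample input (key blobs are placeholders, not real keys).
SAMPLE_KEYS = ('command="sleep 90",no-pty,permitopen="vnchost:5900" ssh-dss AAAAexample1 tunnel\n'
               'ssh-dss AAAAexample2 admin\n')
SAMPLE_SSHD = "Port 22\n#PasswordAuthentication no\n"
```

Calling audit(SAMPLE_KEYS, SAMPLE_SSHD) flags the unrestricted second key and the commented-out PasswordAuthentication line, which leaves the default of yes in effect.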
