This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Limit access via openssh?


Tony Benham wrote:

> This isn't strictly a cygwin question, but I'm using cygwin ssh implementation.
> I have an external user that uses ssh & public key to open a tunnel to my
> windows server running cygwin. They use the tunnel to connect to an apache
> server inside our network. This all works fine. What I want to do is to limit
> their access to only the apache server, and prevent them opening terminals on
> our server ?
> Is this possible ?

Yes.  The way to do it is using the options on the authorized_keys file,
see 'man 8 sshd' section 'AUTHORIZED_KEYS FILE FORMAT'.

The format of ~/.ssh/authorized_keys is:

TYPE KEY COMMENT

you use the format with options:

options TYPE KEY COMMENT

where, in your case, options are:

no-pty,no-X11-forwarding,no-agent-forwarding,permitopen="host:port"

(change host:port to the values used by your tunnel).
-- 
René Berber


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]