This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: Limit access via openssh?
- From: René Berber <r dot berber at computer dot org>
- To: cygwin at cygwin dot com
- Date: Wed, 14 Nov 2007 15:02:49 -0600
- Subject: Re: Limit access via openssh?
- References: <loom.20071114T140507-70@post.gmane.org>
Tony Benham wrote:
> This isn't strictly a cygwin question, but I'm using cygwin ssh implementation.
> I have an external user that uses ssh & public key to open a tunnel to my
> windows server running cygwin. They use the tunnel to connect to an apache
> server inside our network. This all works fine. What I want to do is to limit
> their access to only the apache server, and prevent them opening terminals on
> our server ?
> Is this possible ?
Yes. The way to do it is using the options on the authorized_keys file,
see 'man 8 sshd' section 'AUTHORIZED_KEYS FILE FORMAT'.
The format of ~/.ssh/authorized_keys is:
TYPE KEY COMMENT
you use the format with options:
options TYPE KEY COMMENT
where, in your case, options are:
no-pty,no-X11-forwarding,no-agent-forwarding,permitopen="host:port"
(change host:port to the values used by your tunnel).
--
René Berber
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/