Don Marti dmarti at zgp.org
Mon Mar 21 12:49:18 PST 2005

begin  Rick Moen quotation of Mon, Mar 21, 2005 at 12:37:35PM -0800:

> Well, it was only a matter of time until the twits found the NNTP
> newsgroup access to this mailing list -- that has been openly
> accessible.  I've now restricted access to localhost only, i.e.,
> linuxmafia.com shell accounts.  I'll gladly add members' fixed IP
> addresses (if any) to the allowed list:  E-mail me.

Another way to handle this kind of thing is to create
a "tunnel only" account and have authorized users
send in SSH public keys.

To make an account only work for tunneling, you
can add this to the beginning of each key in the
authorized_keys file.


Or just making the tunnel account's shell /bin/false
would do it.

Is there a way to make an account only good for
tunneling to a certain port, without running an extra
sshd on a different virtual interface?

Don Marti
dmarti at zgp.org
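Added example, not part of the original message: a Python check over authorized_keys lines for the kind of tunnel-only, single-port restriction asked about above, using OpenSSH's per-key options (permitopen, no-pty, restrict, command). The allowed target localhost:119 (NNTP) and the sample lines with placeholder key material are assumptions constructed for illustration.

```python
KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-")   # a line starting with a key type has no options

def parse_options(line):
    """Return [(name, value)] from the options field; value is None for bare flags."""
    if line.startswith(KEY_TYPES):
        return []
    opts, cur, in_quote, i = [], "", False, 0
    while i < len(line):
        c = line[i]
        if c == "\\" and in_quote and i + 1 < len(line):
            i += 1
            cur += line[i]              # escaped character inside a quoted value
        elif c == '"':
            in_quote = not in_quote
        elif c in ", " and not in_quote:
            name, eq, value = cur.partition("=")
            opts.append((name.lower(), value if eq else None))
            cur = ""
            if c == " ":
                break                   # first unquoted space ends the options field
        else:
            cur += c
        i += 1
    return opts

def audit(line, allowed):
    """Return findings for one key; an empty list means tunnel-only to `allowed`."""
    opts = parse_options(line.strip())
    flags = {name for name, _ in opts}
    targets = [value for name, value in opts if name == "permitopen"]
    restricted = "restrict" in flags
    forwarding = "no-port-forwarding" not in flags and (not restricted or "port-forwarding" in flags)
    findings = ["no permitopen: may forward to any host:port"] if forwarding and not targets else []
    findings += [f"permitopen {t} not in allowed list" for t in targets if t not in allowed]
    if "command" not in flags:
        findings.append("no forced command: only the account shell blocks commands")
    for opt in ("pty", "agent-forwarding", "x11-forwarding"):
        if opt in flags or not (restricted or "no-" + opt in flags):
            findings.append(opt + " allowed")
    return findings
ALLOWED = {"localhost:119"}             # assumption: NNTP on the list host
SAMPLE = [                              # constructed lines, placeholder key material
    'ssh-ed25519 AAAAPLACEHOLDER alice@example',
    'no-pty,permitopen="localhost:119" ssh-ed25519 AAAAPLACEHOLDER bob@example',
    'restrict,port-forwarding,permitopen="localhost:119",command="/bin/false" ssh-ed25519 AAAAPLACEHOLDER carol@example',
    'restrict,port-forwarding,permitopen="localhost:25",command="echo a, b" ssh-rsa AAAAPLACEHOLDER dave@example',
]
if __name__ == "__main__":
    print("\n".join(f"{e.split()[-1]}: {audit(e, ALLOWED) or 'tunnel-only'}" for e in SAMPLE))
```

permitopen only limits local (-L) forwards; remote forwards are governed separately (permitlisten in newer OpenSSH) and are not checked here. The restrict option likewise exists only in newer OpenSSH releases, so older servers need the individual no-* options.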

