Tony Benham wrote: > This isn't strictly a cygwin question, but I'm using cygwin ssh > implementation. > I have an external user that uses ssh & public key to open a tunnel to my > windows server running cygwin. They use the tunnel to connect to an apache > server inside our network. This all works fine. What I want to do is to limit > their access to only the apache server, and prevent them opening terminals on > our server ? > Is this possible ?
Yes. The way to do it is using the options on the authorized_keys file, see 'man 8 sshd' section 'AUTHORIZED_KEYS FILE FORMAT'. The format of ~/.ssh/authorized_keys is: TYPE KEY COMMENT you use the format with options: options TYPE KEY COMMENT where, in your case, options are: no-pty,no-X11-forwarding,no-agent-forwarding,permitopen="host:port" (change host:port to the values used by your tunnel). -- René Berber -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/