Hornet wrote:
> On 7/22/05, Trevor Sullivan <[EMAIL PROTECTED]> wrote:
>
>> Hornet wrote:
>>
>>> On 7/21/05, Trevor Sullivan <[EMAIL PROTECTED]> wrote:
>>>
>>>> Hello list, I am curious as to whether or not it is possible
>>>> to restrict certain users from tunneling traffic through SSH.
>>>> I would like to be able to tunnel my own traffic, but provide
>>>> user logins that are restricted from accessing the rest of my
>>>> inside network. Is it possible to restrict this by user?
>>>> Thanks
>>>>
>>>> Trevor
>>>
>>> I'm pretty sure it is an all or nothing config option in
>>> sshd.conf in the global sense. But you can make specific
>>> options for specific hosts.
>>>
>> So could I possibly restrict SSH tunneling by IP (host)? I guess
>> my concern is that if I create a user account, it will be able to
>> tunnel to other machines on my network w/o restriction. Is the
>> way to do this maybe a DMZ or separate VLAN?
>>
>> Trevor
>
> Yes, should be able to do this via your sshd config. I would
> recommend using webmin for this. I have not done this before, but
> it looks doable. Are your users going to be using ssh, or is this
> just a SMB box? If it is just a SMB box, then I would just set the
> shell account to "nologin" since that is separate from the SMB
> account.
>
> Also I guess you could set up a firewall and restrict the ports
> that can talk on the LAN.
>
> -Erik-
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Well I was thinking about setting up vsftpd as my ftp server. I tried it a while ago and was having some issues with PAM while configuring virtual users so I decided to use pure-ftpd for a while because that was quite a bit easier to use. In the case of vsftpd, I don't really hope to set up virtual users (as big a PITA that was), so instead I'm going to just use unix authentication. I guess...I could still just set their shell to nologin huh? Didn't even think about that...lol. I do have a question though...I understand that for Mac OSX, there is a program that establishes SSH tunnels w/o actually being an SSH "client" per se...would this still allow the user to use something like that?

Trevor
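
On the per-user question raised in this thread: OpenSSH versions that support `Match` blocks in `sshd_config` can set `AllowTcpForwarding` per user, and a `nologin` shell alone does not decide the matter, because a forwarding-only session (`ssh -N`) never requests a shell. The Python sketch below is an added example, not part of the original messages; it models only `Match User` lines, and the sample configuration and account names are constructed.

```python
import fnmatch

# Constructed sshd_config; the account names are hypothetical.
SAMPLE_CONFIG = """\
AllowTcpForwarding yes

Match User ftp*,guest
    AllowTcpForwarding no

Match User trevor
    AllowTcpForwarding yes
"""

def user_matches(criteria, user):
    """Evaluate the argument of a `Match User <pattern-list>` line."""
    tokens = criteria.split()
    if len(tokens) != 2 or tokens[0].lower() != "user":
        raise ValueError("only 'Match User <patterns>' is modelled here")
    matched = False
    for pattern in tokens[1].split(","):
        if pattern.startswith("!"):
            if fnmatch.fnmatchcase(user, pattern[1:]):
                return False          # a negated hit vetoes the whole list
        elif fnmatch.fnmatchcase(user, pattern):
            matched = True
    return matched

def effective_setting(config_text, user, keyword, default):
    """Value sshd would apply to `user`: the first matching Match block
    that sets the keyword overrides the global section."""
    global_value = match_value = None
    in_match, applies = False, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        word, arg = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if word == "match":
            in_match, applies = True, user_matches(arg, user)
        elif word == keyword.lower():
            if not in_match and global_value is None:
                global_value = arg
            elif in_match and applies and match_value is None:
                match_value = arg
    return match_value or global_value or default

def forwarding_report(config_text, users):
    """Map each user to the effective AllowTcpForwarding value."""
    return {u: effective_setting(config_text, u, "AllowTcpForwarding", "yes")
            for u in users}

if __name__ == "__main__":
    print(forwarding_report(SAMPLE_CONFIG, ["trevor", "ftpbob", "guest"]))
```

On a live host, `sshd -T -C user=NAME` prints the effective configuration that the running OpenSSH build would apply to that user, which is the authoritative check.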