Another approach is to make the target system account not have a standard shell. Instead, the target system has a script that simply says/loops through a print statement upon connection:

"You are connected to the system. Hit ctrl-c to close this connection"

Perhaps a sleep 30, then print again (for keepAlive purposes). So, in your target system you'd set up a special account just for this purpose. The entry in your /etc/passwd might be something like:

fooman:x:1000:100::/home/fooman:/home/fooman/loopit.sh

You can also get clever in your authorized_keys so that the client can only make specific port redirects.

--- Jesse <[EMAIL PROTECTED]> wrote:

> Hi,
>
> My problem is this:
> I'm using the remote forwarding command on PC1. (So that a port on PC2 is forwarded to a port on PC1.) Remote forwarding works fine, but unwanted is that the command will also login onto PC2. Unwanted because PC1 is not fully under my control (but PC2 is), so people on PC1 can find out about how to log into PC2 by looking at PC1 and get a shell prompt.
>
> At the moment I fixed this using Bitvise WinSSHD (Win32 SSH server software). This program has an option called "Permit terminal shell: No". Using this will cause the command to authenticate, but after that it will not give a shell prompt, only a black screen.
>
> So using that account of WinSSHD, people will be able to authenticate, but will not be able to login in the shell.
> But when using an account of OpenSSH, people will also be able to login in the shell, which is unwanted. I only need SSH tunneling, but not SSH shell login.
>
> Of course I can use WinSSHD, but I'm looking for a solution using OpenSSH.
>
> Regards,
>
> Jesse
>
> -----Original message-----
> From: Thorsten Peter [mailto:[EMAIL PROTECTED]
> Sent: Friday, 25 November 2005 18:22
> To: Jesse
> CC: [email protected]
> Subject: Re: SSH Tunneling without console login
>
> hey,
>
> well you won't be able to open ssh tunnels, no matter what without logging in to the server. that's the way it works. i am not sure what your point is.
> maybe you wanna try what i do for tunneling purposes, i login to the remote server with the following command:
>
> ssh -fN [EMAIL PROTECTED] -L localport:targetip:targetport (in your case -R for remote forwarding)
>
> -f forces ssh to go into background.
> -N makes it stop executing other commands (for tunneling purposes only)
>
> so what it does, it logs in to your remote server, as a background process. you can then just leave it running, log out of your local shell, or do whatever you want. but still you DO login to the remote console. just that you don't have the ssh login running as a foreground process.
>
> regards
>
> Thorsten
>
> Jesse wrote:
> > Question:
> > Is it possible to use remote port forwarding (tunneling) without having to login on the console?
> >
> > Situation:
> > I have a server (PC1) which is running an SSH service behind a firewall. I do NOT have any control over the firewall, but I do want to access the SSH service of PC1 from PC2 over the Internet.
> >
> > Solution for the situation:
> > I'm using the following command on PC1 to let PC1 make an SSH tunnel to PC2:
> > ssh -R 4000:localhost:22 [EMAIL PROTECTED]
> > And I have installed an SSH service on PC2 to make tunneling possible.
> >
> > Same question in detail:
> > When I use the command above, it will make the tunnel, but I will also make PC1 login on the console of PC2. That last step is something I do not want.
> > PC1 should only make the tunnel to PC2, but should NOT login on the console of PC2.
> > Is this possible?
> >
> > -Jesse
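
One way to check the authorized_keys restrictions mentioned in the top reply, as an added example that is not part of the thread: a small audit of a single key line for a tunnel-only account. It assumes OpenSSH 7.8 or later for the `restrict` and `permitlisten` options; port 4000 and the loopit.sh path come from the thread, while the key blobs and function names are constructed.

```shell
#!/bin/sh
# Added example: audit one authorized_keys line for a tunnel-only account.
# Key blobs in the samples are constructed placeholders, not real keys.

# has_opt OPTS NAME: succeed if NAME is one of the comma-separated options
# (bare or as name="value"). Quoted values are not parsed separately.
has_opt() {
    printf '%s\n' "$1" | grep -Eq "(^|,)$2(=|,|\$)"
}

# audit_entry LINE: print one finding per missing restriction; return 0
# only when nothing is missing.
audit_entry() {
    # The options field is whatever precedes the key type.
    opts=$(printf '%s\n' "$1" |
        sed -E 's/(^| )(ssh-(rsa|ed25519)|ecdsa-sha2-[^ ]+) .*$//')
    findings=0
    # A PTY is denied by no-pty, or by restrict unless pty re-enables it.
    if ! has_opt "$opts" no-pty &&
       { ! has_opt "$opts" restrict || has_opt "$opts" pty; }; then
        echo "pty allowed"; findings=$((findings + 1))
    fi
    # Without command=, "ssh user@host cmd" is still handed to the
    # account's login shell.
    if ! has_opt "$opts" command; then
        echo "no forced command"; findings=$((findings + 1))
    fi
    # permitlisten limits -R listeners; permitopen limits -L destinations.
    if ! has_opt "$opts" permitlisten && ! has_opt "$opts" permitopen; then
        echo "forwarding not limited"; findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed samples for the thread's "-R 4000:localhost:22" tunnel key.
GOOD='restrict,port-forwarding,permitlisten="4000",command="/home/fooman/loopit.sh" ssh-ed25519 AAAAC3PLACEHOLDER pc1-tunnel'
BAD='ssh-ed25519 AAAAC3PLACEHOLDER pc1-tunnel'
audit_entry "$GOOD" && echo "GOOD: tunnel-only"
audit_entry "$BAD" || echo "BAD: unrestricted key"
```

On servers older than OpenSSH 7.2, the `restrict` keyword is unavailable and the same effect needs the individual `no-pty`, `no-agent-forwarding` and `no-X11-forwarding` options.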
