On 20.12.2021 at 17:44, Stefan Baur wrote:

On 20.12.21 at 16:14, richard lucassen wrote:

In short: forget about it. If you're allowing users SSH access for X2Go, they WILL be able to copy data. You can make it a little harder for them if you think you have to, but as long as they are in control of the client hardware, they will always be able to do so.

I have no complete answer to it, but if you use keys instead of user/pass then you will be able to restrict ssh in ~/.ssh/authorized_keys

from="1.2.3.4,2.3.4.5,9.8.7.6",no-port-forwarding,command="/path/to/script",no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa <key>

(all in 1 line)

This is an example of what I use here, I think there must be many other options available. See "man authorized_keys"

That's all fine for non-interactive commands or simple scripts. But have you tried to use this with X2Go?

That's an interesting question. @richard: Do you use this config with X2Go? Does it work?

Thanks for your answers so far. I'm aware that there is no such thing as 100% security. I just try to figure out what's possible and what risks will remain.
In the end it's not my job to decide whether to take the risk or not. But I would like to know what may be possible to prevent, to advise the project on this. So I ask at a very early stage of the project so I won't have to hurry later.
Regards, Joerg
_______________________________________________
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user
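
The authorized_keys restrictions quoted in the thread can be checked mechanically across many keys. The following Python is an added example, not code from the thread or from X2Go: it parses the options field of each entry and reports which of the quoted restrictions are not in effect. The function names and sample entries are made up for illustration, and it assumes options take effect in the order written and that quoted values contain no backslash-escaped quotes.

```python
# Added example: audit authorized_keys entries for the restrictions quoted in the thread.
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")          # start of a key-type field
TOGGLES = ("port-forwarding", "x11-forwarding", "agent-forwarding", "pty")

def parse_options(line):
    """Return the ordered [(name, value)] options of one entry, or None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.startswith(KEY_PREFIXES):             # entry has no options field
        return []
    opts, buf, quoted = [], [], False
    for ch in line + " ":                         # trailing space flushes the last option
        if ch == '"':
            quoted = not quoted                   # commas and spaces inside quotes are data
        elif not quoted and ch in ", \t":
            name, _, value = "".join(buf).partition("=")
            if name:
                opts.append((name.lower(), value))  # option names are case-insensitive
            buf = []
            if ch != ",":
                break                             # unquoted whitespace ends the options field
        else:
            buf.append(ch)
    return opts

def audit(line):
    """Return findings for one entry; [] means every restriction from the thread is in effect."""
    opts = parse_options(line)
    if opts is None:
        return None
    allowed = dict.fromkeys(TOGGLES, True)        # without options, all of these are permitted
    for name, _ in opts:                          # assumption: applied in the order written
        if name == "restrict":
            allowed = dict.fromkeys(TOGGLES, False)
        elif name in allowed:
            allowed[name] = True                  # e.g. "pty" after "restrict" re-enables it
        elif name[:3] == "no-" and name[3:] in allowed:
            allowed[name[3:]] = False
    values = dict(opts)
    findings = [t + " permitted" for t in TOGGLES if allowed[t]]
    findings += ["no " + k + "= set" for k in ("from", "command") if not values.get(k)]
    return findings

SAMPLE = [  # constructed entries; <key> stands in for the base64 key blob
    'from="1.2.3.4,2.3.4.5,9.8.7.6",no-port-forwarding,command="/path/to/script",no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa <key>',
    'ssh-ed25519 <key> user@host',
    'restrict,pty,command="/path/to/script" ssh-rsa <key>',
]
```

An empty result only says the options are present in the file; it says nothing about whether an X2Go session still starts under them, which is the open question in the thread.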