tlug.jp Mailing List Archive
- Date: Mon, 14 Aug 2006 17:41:08 +0900
- From: "Patrick Niessen" <tlug.niessen@example.com>
- Subject: [tlug] SSH tunneling restrictions
Dear All,

after considering various commercial solutions for VPN access to our office, I finally decided that ssh tunneling is probably the easiest one to implement. A new Linux server in the DMZ only runs OpenSSH and keeps authorized_keys2 files for each user who needs this remote access function. I then use the PuTTY ssh client on Windows (or ssh on Mac/Linux) to connect to the gateway and tunnel local ports for the rdp protocol to machines behind the firewall. The rdp client is included in OSX, KDE and WindowsXP, so it's easy to connect to Windows machines in this way.

Now my question: It looks like as soon as a remote client is authenticated with the private key, he can use any port he likes for outgoing traffic, i.e. the tunnel is created by the client with the -L option. Is there any way to configure sshd so that only certain target ports / IP addresses can be tunneled? I guess using iptables one could block ranges, but this would affect all users. Ideally I could permit target IPs and ports on a per-user basis.

regards
--
Patrick Niessen
- Follow-Ups:
- Re: [tlug] SSH tunneling restrictions
- From: Gerald Naughton
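
An added example, not part of the original post or of any reply on the list: OpenSSH can limit the forwarding targets a key or a user may request, which is the per-user restriction the question asks about. The user name `alice`, the 192.0.2.x addresses and the key blob are constructed placeholders, and the `Match` variant assumes an OpenSSH release that supports `Match` blocks.

```conf
# ---- Option 1: per key, in the user's authorized_keys file on the gateway ----
# (one line per key; values below are constructed placeholders)

# Before: no options, so the key holder can ask for -L forwards to any host:port.
ssh-rsa AAAA...placeholder-key-blob... alice@laptop

# After: forwards are accepted only for the listed RDP targets.
# The forced command plus no-pty deny an interactive shell, which would
# otherwise let the user reach other hosts from the gateway directly.
permitopen="192.0.2.10:3389",permitopen="192.0.2.11:3389",command="/bin/false",no-pty,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA...placeholder-key-blob... alice@laptop

# ---- Option 2: per user, in /etc/ssh/sshd_config ----
# Global default: nobody may forward TCP connections.
AllowTcpForwarding no
X11Forwarding no

# Override for one user: forwarding allowed, but only to these targets.
Match User alice
    AllowTcpForwarding yes
    PermitOpen 192.0.2.10:3389 192.0.2.11:3389
    ForceCommand /bin/false
```

With a forced command of `/bin/false`, clients have to connect without requesting a session (`ssh -N -L ...`, or PuTTY's "Don't start a shell or command at all" setting), otherwise the connection closes as soon as the command exits. The per-key form only holds if the user cannot edit the authorized_keys file, so keep it owned and writable by root or another account.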