Hi, Iñaki Martínez écrivait : > I have a server in internet and i want several clients to access to it > via SSH but i DON'T want they to be able to use SSH from that server. > So i client can access the server via SSH, but s/he CAN NOT ssh to other > servers from my server... > How can i do this???? Some SSH configuration??? Some Iptables rule???
Once you gave shell access, it's a bit difficult to forbid any networking... Even if you remove the ssh client (rm /usr/bin/ssh), they may get it from other place and download it to your server. Even if you forbid output networking to port 22 (iptables -A OUTPUT -p tcp --dport 22 -j REJECT), they may use another port number. Event if you forbid all networking except one port (for exemple HTTP), they may use that opened port to do tunnelling to be able to use SSH... It really depend on the skills of your users and what you want to allow them to do. First ask yourself, do I realy need to give them shell access? Regards, J.C. -- Jean Christophe ANDRÉ <[EMAIL PROTECTED]> http://www.vn.refer.org/ Coordonnateur technique régional / Associé principal technologie projet Reflets Agence universitaire de la Francophonie (AuF) / Bureau Asie-Pacifique (BAP) Adresse postale : AUF, 21 Lê Thánh Tông, T.T. Hoàn Kiếm, Hà Nội, Việt Nam / Note personnelle : merci d'évitez de m'envoyer des fichiers PowerPoint ou \ \ Word ; voir ici : http://www.fsf.org/philosophy/no-word-attachments.fr.html /
