On Thu, Sep 22, 2005 at 06:09:59PM +0200, Jeremie Le Hen wrote: > Hi, > > > I once read somewhere that it's possible to limit SSH pubkeys to > > 'tunnel-only'. I can't seem to find any information about this > > in any of the usual places. > > > > I'm going to be deploying a few servers in a couple of days and > > I'd like them to log to a central server over an SSH tunnel (using > > syslog-ng) however I'd like to prevent actual logins (hence > > 'tunnel-only'). > > > > Can this be done with OpenSSH? I'd like to try and stay away from > > the complexities of a chrooted-stunnel for now... > > I think you can use /bin/false as shell, and then use ``ssh -nN'' > from the client. I've not tested this, but I guess this should > work.
See this discussion: http://www.blacksheepnetworks.com/security/hack/scponly.txt > Regards, > -- > Jeremie Le Hen > < jeremie at le-hen dot org >< ttz at chchile dot org > -- Brian Reichert <[EMAIL PROTECTED]> 55 Crystal Ave. #286 Daytime number: (603) 434-6842 Derry NH 03038-1725 USA BSD admin/developer at large _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[EMAIL PROTECTED]"
