On Fri, Sep 14, 2007 at 03:34:06PM +0200, Jordi Molina wrote:
> It's not a big security risk, just ensure that the access of the user
> in the fw machine has restrictive access over its home and that it
> can't su/sudo to root.

You can use something like scponly, to keep anyone who steals the key from getting shell access to your firewall:

http://sublimation.org/scponly/wiki/index.php/Main_Page

You could also limit where logins come from via AllowUsers in your sshd config.

I had thought OpenSSH had some facility built in for limiting what particular users could do (so you could create an account that can only be used for sftp transfers, and sshd would not allow that user to get a tty or shell), but I can't seem to find anything about that in the man page, so I may just be imagining this feature.

-Jack
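
An added example, not part of the original message, of the AllowUsers restriction suggested above. The account names `fwcopy` and `admin`, the address 192.0.2.10, and the file path are assumptions made for illustration.

```conf
# /etc/ssh/sshd_config (fragment; path assumed, it varies by system)

# Weak: the transfer account is accepted from any source address.
# AllowUsers fwcopy admin

# Restricted: fwcopy is accepted only when the connection comes from the
# one host that pushes files to the firewall (192.0.2.10 is a placeholder).
# Once AllowUsers is present, every account NOT listed is refused, so the
# administrative account has to be listed too or it is locked out.
AllowUsers fwcopy@192.0.2.10 admin
```

Run `sshd -t` to check the file for errors before reloading the daemon, and keep an existing session open until a fresh login with the new rule has been confirmed.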
