Re: Restrict Tunneling thru SSH
On 7/22/05, Trevor Sullivan [EMAIL PROTECTED] wrote:
> Hornet wrote:
>> On 7/21/05, Trevor Sullivan [EMAIL PROTECTED] wrote:
>>> Hello list,
>>>
>>> I am curious as to whether or not it is possible to restrict certain users from tunneling traffic through SSH. I would like to be able to tunnel my own traffic, but provide user logins that are restricted from accessing the rest of my inside network. Is it possible to restrict this by user?
>>>
>>> Thanks
>>> Trevor
>>
>> I'm pretty sure it is an all or nothing config option in sshd.conf in the global sense. But you can make specific options for specific hosts.
>
> So could I possibly restrict SSH tunneling by IP (host)? I guess my concern is that if I create a user account, it will be able to tunnel to other machines on my network w/o restriction. Is the way to do this maybe a DMZ or separate VLAN?
>
> Trevor

Yes, should be able to do this via your sshd config. I would recommend using webmin for this. I have not done this before, but it looks doable. Are your users going to be using ssh, or is this just a SMB box? If it is just a SMB box, then I would just set the shell account to nologin since that is separate from the SMB account. Also I guess you could set up a firewall and restrict the ports that can talk on the LAN.

-Erik-

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Restrict Tunneling thru SSH
Hornet wrote:
> On 7/22/05, Trevor Sullivan [EMAIL PROTECTED] wrote:
>> Hornet wrote:
>>> On 7/21/05, Trevor Sullivan [EMAIL PROTECTED] wrote:
>>>> Hello list,
>>>>
>>>> I am curious as to whether or not it is possible to restrict certain users from tunneling traffic through SSH. I would like to be able to tunnel my own traffic, but provide user logins that are restricted from accessing the rest of my inside network. Is it possible to restrict this by user?
>>>>
>>>> Thanks
>>>> Trevor
>>>
>>> I'm pretty sure it is an all or nothing config option in sshd.conf in the global sense. But you can make specific options for specific hosts.
>>
>> So could I possibly restrict SSH tunneling by IP (host)? I guess my concern is that if I create a user account, it will be able to tunnel to other machines on my network w/o restriction. Is the way to do this maybe a DMZ or separate VLAN?
>>
>> Trevor
>
> Yes, should be able to do this via your sshd config. I would recommend using webmin for this. I have not done this before, but it looks doable. Are your users going to be using ssh, or is this just a SMB box? If it is just a SMB box, then I would just set the shell account to nologin since that is separate from the SMB account. Also I guess you could set up a firewall and restrict the ports that can talk on the LAN.
>
> -Erik-

Well I was thinking about setting up vsftpd as my ftp server. I tried it a while ago and was having some issues with PAM while configuring virtual users so I decided to use pure-ftpd for a while because that was quite a bit easier to use. In the case of vsftpd, I don't really hope to set up virtual users (as big a PITA that was), so instead I'm going to just use unix authentication. I guess...I could still just set their shell to nologin huh? Didn't even think about that...lol.

I do have a question though...I understand that for Mac OSX, there is a program that establishes SSH tunnels w/o actually being an SSH client per se...would this still allow the user to use something like that?

Trevor
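
Added example, not part of any message in this thread: SSH port forwarding does not need a shell session, so a `nologin` shell on its own leaves forwarding available unless sshd refuses it, and OpenSSH releases that support the `Match` keyword let `AllowTcpForwarding` be set per user. The sketch below models that rule over a constructed config and account list to find `nologin` accounts that can still forward; the function names, sample accounts and the reduced `Match User` handling are assumptions made for illustration.

```python
import fnmatch

# Constructed sample: forwarding left on globally, switched off for named accounts.
SAMPLE_SSHD_CONFIG = """\
AllowTcpForwarding yes

Match User guest,ftp*
    AllowTcpForwarding no
"""

# Constructed (login, shell) pairs, as they would appear in the passwd database.
SAMPLE_ACCOUNTS = [("trevor", "/bin/tcsh"), ("guest", "/usr/sbin/nologin"),
                   ("ftpuser1", "/usr/sbin/nologin"), ("smbonly", "/usr/sbin/nologin")]

def effective_tcp_forwarding(config_text, user):
    """AllowTcpForwarding value for `user` under a simplified sshd_config model.

    Assumption: only 'Match User <patterns>' blocks are evaluated; any other
    Match criteria are treated as not matching. fnmatch approximates sshd's
    own pattern syntax.
    """
    global_value = match_value = None
    in_match = applies = False
    for raw in config_text.splitlines():
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        keyword = parts[0].lower()
        arg = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            crit = arg.split()
            in_match = True
            applies = (len(crit) == 2 and crit[0].lower() == "user" and
                       any(fnmatch.fnmatchcase(user, p) for p in crit[1].split(",")))
        elif keyword == "allowtcpforwarding":
            if in_match and applies and match_value is None:
                match_value = arg.lower()      # first matching block wins
            elif not in_match and global_value is None:
                global_value = arg.lower()     # first global value wins
    # A matching block overrides the global section; sshd's default is "yes".
    return match_value or global_value or "yes"

def nologin_but_forwarding(config_text, accounts):
    """Logins whose shell is nologin yet may still open TCP forwards."""
    return [login for login, shell in accounts
            if shell.endswith("/nologin")
            and effective_tcp_forwarding(config_text, login) != "no"]
```

On a live host, `sshd -T -C user=NAME` prints the settings sshd itself resolves for a given user and is the authoritative check.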
Re: Restrict Tunneling thru SSH
Hornet wrote:
> On 7/21/05, Trevor Sullivan [EMAIL PROTECTED] wrote:
>> Hello list,
>>
>> I am curious as to whether or not it is possible to restrict certain users from tunneling traffic through SSH. I would like to be able to tunnel my own traffic, but provide user logins that are restricted from accessing the rest of my inside network. Is it possible to restrict this by user?
>>
>> Thanks
>> Trevor
>
> I'm pretty sure it is an all or nothing config option in sshd.conf in the global sense. But you can make specific options for specific hosts.

So could I possibly restrict SSH tunneling by IP (host)? I guess my concern is that if I create a user account, it will be able to tunnel to other machines on my network w/o restriction. Is the way to do this maybe a DMZ or separate VLAN?

Trevor
Restrict Tunneling thru SSH
Hello list,

I am curious as to whether or not it is possible to restrict certain users from tunneling traffic through SSH. I would like to be able to tunnel my own traffic, but provide user logins that are restricted from accessing the rest of my inside network. Is it possible to restrict this by user?

Thanks
Trevor
Re: Restrict Tunneling thru SSH
On 7/21/05, Trevor Sullivan [EMAIL PROTECTED] wrote:
> Hello list,
>
> I am curious as to whether or not it is possible to restrict certain users from tunneling traffic through SSH. I would like to be able to tunnel my own traffic, but provide user logins that are restricted from accessing the rest of my inside network. Is it possible to restrict this by user?
>
> Thanks
> Trevor

I'm pretty sure it is an all or nothing config option in sshd.conf in the global sense. But you can make specific options for specific hosts.