Re: SSH VPN without root login?
It appears that the SSH VPN startup runs

/bin/sh /etc/netstart tun0

I suspect that if I could somehow get a sudo in front of that things would work.

Must go read source code...

On Mon, Aug 15, 2011 at 10:09:48PM +1200, Graeme Neilson wrote:
> Pretty sure if you change the owner / group of the tap or tun device you are
> using to the user you want to bring up the tunnel you can avoid root.
>
> G
>
> On Fri, Aug 12, 2011 at 5:40 AM, Michael W. Lucas mwlu...@blackhelicopters.org wrote:
> > Hi,
> >
> > I'm trying to get a SSH VPN working between a 4.9 i386 and a recent
> > 5.0 amd64 snapshot (with the MP#49 kernel).
> >
> > The tunnel works fine if I SSH in as root. My guts really protest at
> > enabling remote root logins, however. Yes, I can limit the access
> > with a Match statement.
> >
> > Surely I can change some device permissions, or use sudo, to permit a
> > particular otherwise-unprivileged user to bring up this VPN?
> >
> > Any suggestions on where to look for that? I've tried several
> > Internet searches, but found nothing.
> >
> > Thanks,
> > ==ml
> >
> > --
> > Michael W. Lucas
> > http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
> > Latest book: Network Flow Analysis http://www.networkflowanalysis.com/
> > mwlu...@blackhelicopters.org, Twitter @mwlauthor

--
Michael W. Lucas
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Latest book: Network Flow Analysis http://www.networkflowanalysis.com/
mwlu...@blackhelicopters.org, Twitter @mwlauthor

Re: SSH VPN without root login?
Pretty sure if you change the owner / group of the tap or tun device you are using to the user you want to bring up the tunnel you can avoid root.

G

On Fri, Aug 12, 2011 at 5:40 AM, Michael W. Lucas mwlu...@blackhelicopters.org wrote:
> Hi,
>
> I'm trying to get a SSH VPN working between a 4.9 i386 and a recent
> 5.0 amd64 snapshot (with the MP#49 kernel).
>
> The tunnel works fine if I SSH in as root. My guts really protest at
> enabling remote root logins, however. Yes, I can limit the access
> with a Match statement.
>
> Surely I can change some device permissions, or use sudo, to permit a
> particular otherwise-unprivileged user to bring up this VPN?
>
> Any suggestions on where to look for that? I've tried several
> Internet searches, but found nothing.
>
> Thanks,
> ==ml
>
> --
> Michael W. Lucas
> http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
> Latest book: Network Flow Analysis http://www.networkflowanalysis.com/
> mwlu...@blackhelicopters.org, Twitter @mwlauthor

SSH VPN without root login?
Hi,

I'm trying to get a SSH VPN working between a 4.9 i386 and a recent 5.0 amd64 snapshot (with the MP#49 kernel).

The tunnel works fine if I SSH in as root. My guts really protest at enabling remote root logins, however. Yes, I can limit the access with a Match statement.

Surely I can change some device permissions, or use sudo, to permit a particular otherwise-unprivileged user to bring up this VPN?

Any suggestions on where to look for that? I've tried several Internet searches, but found nothing.

Thanks,
==ml

--
Michael W. Lucas
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Latest book: Network Flow Analysis http://www.networkflowanalysis.com/
mwlu...@blackhelicopters.org, Twitter @mwlauthor