Lois Bennett <[email protected]> writes:
> I need help with setting up a bastion host that will only allow users
> to ssh through. I know I should use the force command option in the
> sshd_conf file but it is being recalcitrant. Can anyone point me to a
> good tutorial on setting this up? I keep finding info about how to
> set up ssh tunneling for personal use but not how to set it up as the
> server default. The goal is a machine in the DMZ that users ssh into
> which does nothing but ssh them into the login server inside the
> firewall.

Are you absolutely sure you don't want to forward port 22/tcp to the
inside machine, and so make your system a tiny bit simpler?

In any case, can you explain what isn't working? "being recalcitrant"
isn't the most descriptive failure in the world, and the examples in the
manual page are fairly straightforward for running commands...

My guess is that you are setting the forced command to 'ssh ...', which
is failing because it doesn't have access to the user's public key,
and/or because it doesn't have access to a pty, but guessing is ...

Regards,
Daniel

_______________________________________________
Tech mailing list
[email protected]
http://lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
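
Added example, not part of the original thread: a bastion-side sshd_config fragment aimed at the two failure causes guessed at in the reply above (the forced ssh having no key to authenticate with, and no pty). The group name bastion-users and the host login.internal.example are placeholders, and it assumes users reach the bastion interactively with agent forwarding enabled (ssh -A) so the forced ssh can authenticate to the inside host.

```conf
# sshd_config on the bastion (constructed example; names are placeholders)

# Apply the restrictions only to the accounts that should be relayed,
# so administrators outside this group can still log in to the bastion itself.
Match Group bastion-users
    # Runs in place of the user's shell or any command the client asked for.
    # -t requests a terminal on the inside host; it only takes effect when
    # the client's own session to the bastion has a pty (interactive login
    # or "ssh -t"), otherwise the inner ssh runs without one.
    ForceCommand ssh -t login.internal.example

    # The inner ssh needs a pty from the bastion's sshd to pass on.
    PermitTTY yes

    # The user's private key is not on the bastion. With agent forwarding the
    # inner ssh authenticates through the user's own agent instead.
    # Caveat: root on the bastion can use a forwarded agent socket for as
    # long as the session is open, so treat the bastion as a trusted host.
    AllowAgentForwarding yes

    # Nothing else should pass through these accounts.
    AllowTcpForwarding no
    X11Forwarding no
    PermitTunnel no

# Note: ForceCommand also replaces scp and sftp requests, so file transfer
# through these accounts will not work with this setup.
```

Running `sshd -t` after editing checks the file for syntax errors before the daemon is reloaded.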