On 2011-01-17, DRC <[email protected]> wrote: > On 1/17/11 8:12 AM, Andreas Delleske wrote: >> 2. Next, I want to add the ssh tunnel: How can I block users getting >> shell access BUT be able to login via VNC plus ssh tunnel? I want to >> make sure that the users have their desktop but may not move code from >> or to the session on the server (I know, except making screenshots) > > Setting the user's shell to /bin/false should prevent them from logging > in interactively but still allow them to set up SSh tunnels. > This is not sufficient. Client can ask SSH server to run arbitrary executable. Look for ForceCommand and Subsystem in sshd configuration. Namely for articles on the web about this issue. It's not trivial as OpenSSH server does not offer straight-forward configuration in this area.
-- Petr ------------------------------------------------------------------------------ Protect Your Site and Customers from Malware Attacks Learn about various malware tactics and how to avoid them. Understand malware threats, the impact they can have on your business, and how you can protect your company and customers by using code signing. http://p.sf.net/sfu/oracle-sfdevnl _______________________________________________ VirtualGL-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/virtualgl-users
