You are not logged in.

#1 2009-09-24 19:11:25

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,595
Website

scponly with chroot setup but user can STILL forward ports... [SOLVED]

I'm using scponly and have chrooted a user to his home directory.  I noticed however that I can ssh into the box enabling port forwarding which is a dangerous security breach in my opinion.  I'd like to have the ability keep port forwarding for other users, but for the scponly user, I'd like to disallow ssh port forwarding.  Anyone know how?

$ ssh nightshade -P 8081
username@nightshade's password:
Welcome to nightshade

Last edited by graysky (2009-09-25 19:08:26)


CPU-optimized Linux-ck packages @ Repo-ck  • AUR packagesZsh and other configs

Offline

#2 2009-09-25 19:08:16

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,595
Website

Re: scponly with chroot setup but user can STILL forward ports... [SOLVED]

Turns out this can be accomplished by the addition of two new lines to the sshd_config:

Match user USERNAME
AllowTcpForwarding no

CPU-optimized Linux-ck packages @ Repo-ck  • AUR packagesZsh and other configs

Offline

Board footer

Powered by FluxBB