Tunnel-only SSH keys
Jeremie Le Hen
jeremie at le-hen.org
Thu Sep 22 09:10:04 PDT 2005
Hi,
> I once read somewhere that it's possible to limit SSH pubkeys to
> 'tunnel-only'. I can't seem to find any information about this
> in any of the usual places.
>
> I'm going to be deploying a few servers in a couple of days and
> I'd like them to log to a central server over an SSH tunnel (using
> syslog-ng) however I'd like to prevent actual logins (hence
> 'tunnel-only').
>
> Can this be done with OpenSSH? I'd like to try and stay away from
> the complexities of a chrooted-stunnel for now...
I think you can use /bin/false as shell, and then use ``ssh -nN''
from the client. I've not tested this, but I guess this should
work.
Regards,
--
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
More information about the freebsd-security
mailing list