Tunnel-only SSH keys
Brian Reichert
reichert at numachi.com
Thu Sep 22 10:33:53 PDT 2005
On Thu, Sep 22, 2005 at 09:22:38AM -0700, David Wolfskill wrote:
> On Thu, Sep 22, 2005 at 04:27:18PM +0100, markzero wrote:
> > Hello.
> >
> > I once read somewhere that it's possible to limit SSH pubkeys to
> > 'tunnel-only'. I can't seem to find any information about this
> > in any of the usual places.
> > ...
> > Can this be done with OpenSSH? I'd like to try and stay away from
> > the complexities of a chrooted-stunnel for now...
>
> See the section "AUTHORIZED_KEYS FILE FORMAT" in the sshd man page.
>
> There is also a discussion of this in the O'Reilly _SSH_ book.

Sorry for the arm-wave (in that I don't have the details of this
rumor), but I recall it's possible, via a client, to screw with the
remote environment, as to supply a different shell; that would affect
these tactics, perhaps.

> Peace,
> david
> --
> David H. Wolfskill david at catwhisker.org
> Prediction is difficult, especially if it involves the future. -- Niels Bohr
--
Brian Reichert <reichert at numachi.com>
55 Crystal Ave. #286 Daytime number: (603) 434-6842
Derry NH 03038-1725 USA BSD admin/developer at large
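
The "AUTHORIZED_KEYS FILE FORMAT" options referenced in this thread can be checked mechanically. The following is an added example, not part of the original post: a small auditor that parses the options field of an authorized_keys line and reports what a key intended as tunnel-only still allows. The function names, the `permit_user_environment` parameter (standing in for the server's `PermitUserEnvironment` setting in sshd_config) and the sample lines are assumptions made for illustration; the option names are those documented in sshd(8), including the later `restrict` and `port-forwarding` options.

```python
import re

# Added example (not from the thread): audit authorized_keys lines that are
# meant to be tunnel-only. Option names are the ones documented in sshd(8).
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")
_OPT = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?(?:,|$)')

def parse_line(line):
    """Split one authorized_keys line into ({option: [values]}, rest)."""
    line = line.strip()
    if line.startswith(KEY_TYPES):
        return {}, line                      # no options field present
    quoted, i = False, 0
    while i < len(line):                     # options end at first unquoted space
        c = line[i]
        if c == "\\" and quoted:
            i += 1                           # skip the escaped character
        elif c == '"':
            quoted = not quoted
        elif c.isspace() and not quoted:
            break
        i += 1
    opts = {}
    for m in _OPT.finditer(line[:i]):
        opts.setdefault(m.group(1).lower(), []).append(m.group(2))
    return opts, line[i:].strip()

def audit_tunnel_only(line, permit_user_environment=False):
    """Return a list of findings; an empty list means the key looks tunnel-only."""
    opts, _ = parse_line(line)
    restrict = "restrict" in opts            # 'restrict' disables everything at once
    findings = []
    if "command" not in opts:
        findings.append("no forced command: key can run arbitrary commands")
    for opt in ("no-pty", "no-agent-forwarding", "no-x11-forwarding"):
        if not restrict and opt not in opts:
            findings.append("missing " + opt)
    forwarding = "port-forwarding" in opts if restrict else "no-port-forwarding" not in opts
    if forwarding and "permitopen" not in opts:
        findings.append("no permitopen: forwarding target is unrestricted")
    if permit_user_environment:
        findings.append("PermitUserEnvironment is on: user-supplied "
                        "environment is applied to the session")
    return findings

# Constructed sample lines; the key blobs are placeholders, not real keys.
LOCKED = ('command="/usr/bin/false",no-pty,no-agent-forwarding,no-X11-forwarding,'
          'permitopen="127.0.0.1:5432" ssh-ed25519 AAAAC3PLACEHOLDER tunnel@example')
OPEN = "ssh-ed25519 AAAAC3PLACEHOLDER admin@example"
```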