Tunnel-only SSH keys

Brian Reichert reichert at numachi.com
Thu Sep 22 11:01:10 PDT 2005


On Thu, Sep 22, 2005 at 06:09:59PM +0200, Jeremie Le Hen wrote:
> Hi,
> 
> > I once read somewhere that it's possible to limit SSH pubkeys to
> > 'tunnel-only'. I can't seem to find any information about this
> > in any of the usual places.
> > 
> > I'm going to be deploying a few servers in a couple of days and
> > I'd like them to log to a central server over an SSH tunnel (using
> > syslog-ng) however I'd like to prevent actual logins (hence
> > 'tunnel-only').
> > 
> > Can this be done with OpenSSH? I'd like to try and stay away from
> > the complexities of a chrooted-stunnel for now...
> 
> I think you can use /bin/false as shell, and then use ``ssh -nN''
> from the client.  I've not tested this, but I guess this should
> work.

See this discussion:

  http://www.blacksheepnetworks.com/security/hack/scponly.txt

> Regards,
> -- 
> Jeremie Le Hen
> < jeremie at le-hen dot org >< ttz at chchile dot org >

-- 
Brian Reichert				<reichert at numachi.com>
55 Crystal Ave. #286			Daytime number: (603) 434-6842
Derry NH 03038-1725 USA			BSD admin/developer at large	
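
An added example, not part of the original thread: a checker for whether `authorized_keys` entries are limited to tunnel-only use. It relies on the per-key options documented in sshd(8) rather than the `/bin/false` shell suggested above. The sample entries, the loopback destination `127.0.0.1:514`, and the function names are assumptions, and `restrict` requires OpenSSH 7.2 or later.

```python
import re

KEY_TYPE = re.compile(r"^(ssh-|ecdsa-|sk-)")  # entry starts with a key type: no options
NEEDED = {"no-pty", "no-x11-forwarding", "no-agent-forwarding"}
REENABLE = {"pty", "x11-forwarding", "agent-forwarding"}
QUOTED = r'"(?:\\.|[^"\\])*"'  # a double-quoted value, \" allowed inside

# Constructed sample authorized_keys entries; the key material is a placeholder.
SAMPLE = '''\
# [options] keytype base64-key comment
ssh-rsa AAAAB3PLACEHOLDER host-a
no-pty,permitopen="127.0.0.1:514" ssh-rsa AAAAB3PLACEHOLDER host-b
command="/bin/false",no-pty,no-X11-forwarding,no-agent-forwarding,permitopen="127.0.0.1:514" ssh-rsa AAAAB3PLACEHOLDER host-c
restrict,port-forwarding,command="echo tunnel only, no shell",permitopen="127.0.0.1:514" ssh-rsa AAAAB3PLACEHOLDER host-d
'''

def parse_options(line):
    """Return the comma-separated options in front of the key type."""
    line = line.strip()
    if KEY_TYPE.match(line):
        return []
    # The option field ends at the first whitespace outside double quotes.
    field = re.match(rf'(?:{QUOTED}|[^\s"])*', line).group(0)
    return re.findall(rf'(?:{QUOTED}|[^,"])+', field)

def audit(line):
    """Return the reasons an entry is not tunnel-only (empty list = OK)."""
    # sshd treats option keywords case-insensitively.
    names = {o.split("=", 1)[0].lower() for o in parse_options(line)}
    problems = []
    if "restrict" in names:
        if "port-forwarding" not in names:
            problems.append("restrict without port-forwarding: forwarding stays disabled")
        problems += ["re-enables " + n for n in sorted(names & REENABLE)]
    else:
        problems += ["missing " + n for n in sorted(NEEDED - names)]
    if "permitopen" not in names:
        problems.append("no permitopen: any host:port may be forwarded to")
    if "command" not in names:
        problems.append("no forced command: client can run commands")
    return problems

def audit_file(text):
    """Map line number -> problems for each key entry (comments, blanks skipped)."""
    return {n: audit(l) for n, l in enumerate(text.splitlines(), 1)
            if l.strip() and not l.lstrip().startswith("#")}

if __name__ == "__main__":
    for lineno, problems in audit_file(SAMPLE).items():
        print(lineno, "OK" if not problems else "; ".join(problems))
```

A client using a key that passes the check connects with `ssh -nN` plus its `-L` forward, so no session is requested and the forced command never runs.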

