[wellylug] ssh chroot jail for port forwarding limiting update
Mark Signal
mark at databackup.co.nz
Tue Dec 21 08:12:17 NZDT 2004
I set up a ssh chroot jail (with jailkit) and it didn't limit port
forwarding so I emailed the author and he confirmed that a chroot jail
wouldn't help.

I found an acceptable answer in the man pages (well actually on the web
but same diff..)
From the SSHD(8) <http://www.openbsd.org/cgi-bin/man.cgi?query=sshd>
manpage:

*AUTHORIZED_KEYS FILE FORMAT*

*no-pty*
    Prevents tty allocation (a request to allocate a pty will fail).

*permitopen="host:port"*
    Limit local ``ssh -L'' port forwarding such that it may only
    connect to the specified host and port. IPv6 addresses can be
    specified with an alternative syntax: host/port. Multiple
    *permitopen* options may be applied separated by commas. No
    pattern matching is performed on the specified hostnames, they
    must be literal domains or addresses.

this allows me to adequately limit users
thanks to all who responded to my original question
cheers
Mark Signal
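
An added example, not part of the original post: a small Python check that parses the options field of authorized_keys lines (quoted values may contain commas) and reports keys missing the `no-pty` or `permitopen` restrictions quoted from the manpage. The function names, the key-type prefixes and the sample lines are constructed for illustration.

```python
# Added example: audit authorized_keys lines for the options quoted above.
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # assumed prefixes of a line with no options

def parse_options(line):
    """Return {option: [values]} for one line, or None for blanks and comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    field = "" if line.startswith(KEY_TYPES) else line
    tokens, token, in_quote, prev = [], "", False, ""
    for ch in field:
        if ch == '"' and prev != "\\":
            in_quote = not in_quote      # quotes delimit a value, \" stays inside it
        elif ch in ", \t" and not in_quote:
            tokens.append(token)
            token = ""
            if ch != ",":
                break                    # unquoted whitespace ends the options field
        else:
            token += ch
        prev = ch
    else:
        tokens.append(token)             # line ended inside the options field
    opts = {}
    for tok in filter(None, tokens):
        name, _, value = tok.partition("=")
        opts.setdefault(name.lower(), []).append(value)  # keywords are case-insensitive
    return opts

def audit(line):
    """Return problems found in one line's forwarding restrictions."""
    opts = parse_options(line)
    if opts is None:
        return []
    problems = [] if "no-pty" in opts else ["no-pty missing"]
    if "permitopen" not in opts:
        problems.append("permitopen missing: -L forwarding is not limited")
    for t in opts.get("permitopen", []):
        host, sep, port = t.rpartition("/" if "/" in t else ":")
        if not (sep and host and port):
            problems.append(f"permitopen {t!r} is not host:port")
        elif "*" in host or "?" in host:
            problems.append(f"permitopen {t!r}: hostnames must be literal")
    return problems

SAMPLE = [  # constructed lines, key material elided
    'ssh-rsa AAAA...constructed user@example',
    'command="echo a,b",no-pty,permitopen="192.0.2.10:5432",permitopen="2001:db8::1/22" ssh-ed25519 AAAA...constructed ops@example',
    'no-pty,permitopen="*.example.org:22" ssh-rsa AAAA...constructed dev@example',
]
```

Running `audit` over each line of a user's authorized_keys file lists the keys that would still allow unrestricted `ssh -L` forwarding or a tty.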