Sorry, I can't provide fixed IPs. One of the goals is actually to have mobile users with dynamic internet connections use the database. TheNewOne schrieb:
There is a possibility to change iptables (or whatever firewall You use) to deny connections on other ports than db-port for everyone except You (but You have to have static IP). If You want, I can make You an iptables configuration, just write to my mail...
TheNewOne
Andreas napisał(a):
Markus Gaugusch schrieb:
is there a way to get expernal people to establish a SSH tunnel to one firewalled internal port without them getting a real shell to snoop around?
Use /bin/cat as shell. Pressing ctrl-c will then close the ssh session.
Markus
Can I limit the possible tunnels per user? E.g. User-A can get just a tunnel to one or a selction of internal ports but User-B can get just port 80 and I get every port I like.
My concern is that my db-users should just see the db-port. There might be some among them who actually have a clue about ssh and could access every listening port on the server just by trying a few ssh-config options.
--------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org