Restrict usage of ssh-keypair

List overview All Threads
Download

newer

older

NIS - problems with passwd

Re: AW: [suse-security] IPSEC plus...

Michael 'bukhem' Scherer

30 Jun 2003 30 Jun '03

14:47

Hi List.

I have a issue concerning the usage of an ssh keypair. With that keypair it should only be possible to:

1.) scp, if possible restrict it to a specifiy directory 2.) ssh -R ...

Any ideas how to do that?

thanks / greets

Michael

-- GiS - Gesellschaft fuer integrierte Systemplanung mbH +==================================================================+ Michael Scherer mscherer@gis-systemhaus.de Tel: 06201-503-74 Junkersstr.2 69469 Weinheim Fax: 06201-503-66 +==================================================================+ It's a book about a Spanish guy called Manual, you should read it. -- Dilbert

Show replies by date

Eduard Avetisyan

30 Jun 30 Jun

15:03

New subject: [suse-security] Restrict usage of ssh-keypair

Hi Michael,

What about making a separate user for that purpose and put him in a "rootjail" or restricted shell?

Cheers Eduard

--- Michael 'bukhem' Scherer mscherer@gis-systemhaus.de wrote:

...

Hi List.

I have a issue concerning the usage of an ssh keypair. With that keypair it should only be possible to:

1.) scp, if possible restrict it to a specifiy directory 2.) ssh -R ...

Any ideas how to do that?

thanks / greets

Michael

-- GiS - Gesellschaft fuer integrierte Systemplanung mbH

+==================================================================+

...

Michael Scherer mscherer@gis-systemhaus.de Tel: 06201-503-74 Junkersstr.2 69469 Weinheim Fax: 06201-503-66

+==================================================================+

...

It's a book about a Spanish guy called Manual, you should read it. -- Dilbert

-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here

__________________________________ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com

Vladimir Dvorak

15:04

New subject: [suse-security] Restrict usage of ssh-keypair

Michael 'bukhem' Scherer wrote:

...

Hi List.

I have a issue concerning the usage of an ssh keypair. With that keypair it should only be possible to:

1.) scp, if possible restrict it to a specifiy directory 2.) ssh -R ...

Any ideas how to do that?

thanks / greets

Michael

See man 8 sshd. I thing that the best choice would be the parameter no-pty in authorized_keys file. It will disallow to set up the terminal session.

VlAdImIr DvOrAk, SuSE CR network administrator

Michael 'bukhem' Scherer

15:23

New subject: [suse-security] Restrict usage of ssh-keypair

On Mon, 30 Jun 2003, Vladimir Dvorak wrote:

...

See man 8 sshd. I thing that the best choice would be the parameter no-pty in authorized_keys file. It will disallow to set up the terminal session.

Too easy but that did the job.

Thanks.

Michael

Lars Ellenberg

1 Jul 1 Jul

01:08

New subject: [suse-security] Restrict usage of ssh-keypair

On Mon, Jun 30, 2003 at 03:23:54PM +0200, Michael 'bukhem' Scherer wrote:

...

On Mon, 30 Jun 2003, Vladimir Dvorak wrote:

...
See man 8 sshd. I thing that the best choice would be the parameter no-pty in authorized_keys file. It will disallow to set up the terminal session.

Too easy but that did the job.

I think it really is _too_ easy. if you don't have a tty, you won't get the bash prompt. but that is about all there is to it.

you still can do what ever bash can do. sorry.

you have to be much more restrictive in the authorized_keys file, possibly forcing certain commands. which could parse $SSH_ORIGINAL_COMMAND for additional info ...

Lars Ellenberg

7215

Age (days ago)

7215

Last active (days ago)

security@lists.opensuse.org

4 comments

4 participants

tags (0)

participants (4)

Eduard Avetisyan
Lars Ellenberg
Michael 'bukhem' Scherer
Vladimir Dvorak