| 1 |
Hi Nick |
| 2 |
|
| 3 |
I dont know about restrict permisson to X11Forward for specified groups. |
| 4 |
|
| 5 |
But you can type 'vipw' and change the shell from '/bin/bash' to |
| 6 |
'/usr/lib/misc/sftp-server' for the user that you only want to have access |
| 7 |
to ftp. |
| 8 |
|
| 9 |
How secure this is I dont know, but it seems to work ;o) |
| 10 |
|
| 11 |
/Rúni |
| 12 |
|
| 13 |
> -----BEGIN PGP SIGNED MESSAGE----- |
| 14 |
> Hash: SHA1 |
| 15 |
> |
| 16 |
> Take a look in rssh. http://rssh.sourceforge.net/ |
| 17 |
> |
| 18 |
> Its in Portage too! |
| 19 |
> |
| 20 |
> Regards, |
| 21 |
> Helder Rodrigues |
| 22 |
> |
| 23 |
> |
| 24 |
> Nick Gommans wrote: |
| 25 |
> |
| 26 |
> | Hello everyone, |
| 27 |
> | |
| 28 |
> | I just had a question about SSH that (hopefully) someone can answer fo |
| 29 |
> me. |
| 30 |
> | |
| 31 |
> | Is there a way of setting up the SSH server to restrict permission to |
| 32 |
> such |
| 33 |
> | extensions as X11Forwarding and Port Forwarding to members of specific |
| 34 |
> | groups? How about restricting SSH to only allow a user to use the |
| 35 |
> SCP/SFTP |
| 36 |
> | service but have no interactive shell (In an effort to eliminate users |
| 37 |
> from |
| 38 |
> | using FTP)? |
| 39 |
> | |
| 40 |
> | Is there any way I can achieve this level of control in OpenSSH? |
| 41 |
> | |
| 42 |
> | Thanks in advance, |
| 43 |
> | Nick |
| 44 |
> | |
| 45 |
> | |
| 46 |
> | -- |
| 47 |
> | gentoo-security@g.o mailing list |
| 48 |
> | |
| 49 |
> |
| 50 |
> -----BEGIN PGP SIGNATURE----- |
| 51 |
> Version: GnuPG v1.2.3-nr1 (Windows XP) |
| 52 |
> Comment: Helder Miguel Rodrigues - http://www.frew.org |
| 53 |
> |
| 54 |
> iD8DBQE/3qJ0XuDuuXe+pHkRAi7lAJ9e+Im7F+Y1Xi0wwSR/zFXRgVjSFwCgtUGA |
| 55 |
> RKAnPQMLh9oPUngmotU8CVs= |
| 56 |
> =HUuh |
| 57 |
> -----END PGP SIGNATURE----- |
| 58 |
> |
| 59 |
> -- |
| 60 |
> gentoo-security@g.o mailing list |
| 61 |
> |
| 62 |
> |
| 63 |
|
| 64 |
-- |
| 65 |
gentoo-security@g.o mailing list |
Archives