From: Trevor Sullivan
Date: Fri, 22 Jul 2005 15:13:12 -0500
To: Hornet
Cc: freebsd-questions@freebsd.org
Subject: Re: Restrict Tunneling thru SSH

Hornet wrote:
> On 7/21/05, Trevor Sullivan wrote:
>
>> Hello list, I am curious as to whether or not it is possible to
>> restrict certain users from tunneling traffic through SSH. I
>> would like to be able to tunnel my own traffic, but provide user
>> logins that are restricted from accessing the rest of my inside
>> network. Is it possible to restrict this by user? Thanks
>>
>> Trevor
>
> I'm pretty sure it is an all or nothing config option in sshd.conf
> in the global sense. But you can make specific options for specific
> hosts.
>

So could I possibly restrict SSH tunneling by IP (host)? I guess my
concern is that if I create a user account, it will be able to tunnel to
other machines on my network w/o restriction. Is the way to do this
maybe a DMZ or separate VLAN?

Trevor