Date: Thu, 22 Sep 2005 18:09:59 +0200
From: Jeremie Le Hen <jeremie@le-hen.org>
To: markzero <mark@darklogik.org>
Cc: freebsd-security@freebsd.org
Subject: Re: Tunnel-only SSH keys
Message-ID: <20050922160959.GQ24643@obiwan.tataz.chchile.org>
In-Reply-To: <20050922152718.GB91509@logik.internal.network>
References: <20050922152718.GB91509@logik.internal.network>

Hi,

> I once read somewhere that it's possible to limit SSH pubkeys to
> 'tunnel-only'. I can't seem to find any information about this
> in any of the usual places.
>
> I'm going to be deploying a few servers in a couple of days and
> I'd like them to log to a central server over an SSH tunnel (using
> syslog-ng) however I'd like to prevent actual logins (hence
> 'tunnel-only').
>
> Can this be done with OpenSSH? I'd like to try and stay away from
> the complexities of a chrooted-stunnel for now...

I think you can use /bin/false as shell, and then use ``ssh -nN'' from
the client. I've not tested this, but I guess this should work.

Regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050922160959.GQ24643>
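
Added example, not part of the original message or of OpenSSH: a shell check that the account used for the tunnel has a no-login shell such as /bin/false, plus the ``ssh -nN'' client invocation suggested in the reply. The account name logtunnel, the host loghost.example, the ports and the passwd lines are constructed for illustration; -L is OpenSSH's local port-forwarding option.

```shell
#!/bin/sh
# Added example: audit the "/bin/false as shell" setup and build the
# matching "ssh -nN" client command. All names and ports are assumptions.

# Shells that exit immediately instead of giving a prompt.
NOLOGIN_SHELLS="/bin/false /usr/bin/false /sbin/nologin /usr/sbin/nologin"

# account_shell PASSWD_FILE USER
# Prints the login shell (7th passwd field); fails if USER is absent.
account_shell() {
    awk -F: -v u="$2" '$1 == u { print $7; found = 1 }
                       END { exit !found }' "$1"
}

# is_tunnel_only PASSWD_FILE USER
# 0 = no-login shell, 1 = interactive shell, 2 = no such account.
# An empty shell field counts as interactive (it means /bin/sh).
is_tunnel_only() {
    shell=$(account_shell "$1" "$2") || return 2
    for s in $NOLOGIN_SHELLS; do
        [ "$shell" = "$s" ] && return 0
    done
    return 1
}

# tunnel_command USER HOST LOCAL_PORT REMOTE_PORT
# -n: stdin from /dev/null, -N: run no remote command, so the
# server-side shell is never started; only the forward is opened.
tunnel_command() {
    printf 'ssh -nN -L %s:127.0.0.1:%s %s@%s\n' "$3" "$4" "$1" "$2"
}

# Constructed passwd(5) lines standing in for the log server's file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
logtunnel:*:1001:1001:syslog tunnel:/home/logtunnel:/bin/false
admin:*:1002:1002:operator:/home/admin:/bin/sh
EOF

for user in logtunnel admin; do
    if is_tunnel_only "$sample" "$user"; then
        echo "$user: no login shell; client would run:"
        tunnel_command "$user" loghost.example 5140 514
    else
        echo "$user: interactive shell, not tunnel-only"
    fi
done
rm -f "$sample"
```

On a real log server, pass /etc/passwd as the first argument and point syslog-ng on each client at the local end of the forward.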
