Old 04-18-2009, 05:20 AM   #1
r3sistance
Senior Member
 
Registered: Mar 2004
Location: UK
Distribution: CentOS 5.4, Mac OS 10.4 (tiger)
Posts: 1,005

Rep: Reputation: 79
SSH Tunneling with no shell prompt


I am trying to set up my Xen VPSs so that people can VNC into them if something goes wrong. Naturally I want to make the VNC sessions as secure as possible, but do not really want to give people direct access to Domain0. So I was wondering if there is a way to enable SSH tunneling without granting them a shell prompt; /sbin/nologin just closes the session straight away.
 
Old 04-18-2009, 07:22 AM   #2
cmdln
Member
 
Registered: Apr 2009
Location: Lawrence, KS
Distribution: Debian, Centos
Posts: 102
Blog Entries: 1

Rep: Reputation: 24
The only way I know of to do that is to use ssh keys.

Append this to the beginning of the key line in your authorized_keys file:
Code:
no-pty,no-X11-forwarding,no-agent-forwarding,command=""
Quick rundown of keys ....

Generate keypair
Code:
ssh-keygen
* If you want customers to be able to use PuTTY to create the tool, you need to create a DSA key (at least I always have to).

Activate key
Code:
echo -n 'no-pty,no-X11-forwarding,no-agent-forwarding,command="" ' >> ~/.ssh/authorized_keys && cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
Give the private key to your user and tell them how to use it.

Note: doing things this way, there is really no way to restrict who uses what port or when, so people could experience conflicts.

Also it could make for some interesting logs if you are being attacked via a tunneled connection. You may not pick it up, just something to think about.
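
Added example, not part of cmdln's post: a script that builds the same restricted key line with OpenSSH's `permitopen` authorized_keys option added, so each key can only open a local forward to one destination. It assumes each guest's VNC console listens on 127.0.0.1 of Domain0 on its own port; the function names, port number and key are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): build a tunnel-only authorized_keys
# entry that also pins the key to a single forwarding destination.
# Assumption: each guest's VNC console listens on 127.0.0.1:<port> on Domain0.

NL='
'

# build_entry PORT PUBKEY -> prints one authorized_keys line, or fails.
build_entry() (
    port=$1 pubkey=$2
    # Port: plain decimal, no leading zero, at most five digits, <= 65535.
    case $port in
        ''|0*|*[!0-9]*|??????*) echo "bad port: $port" >&2; exit 1 ;;
    esac
    if [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; exit 1
    fi
    # Key: a single line, so a pasted key cannot smuggle in a second entry.
    case $pubkey in *"$NL"*) echo "multi-line key rejected" >&2; exit 1 ;; esac
    # Key: must start with the key type, so it cannot carry its own options.
    case $pubkey in
        ssh-rsa\ ?*|ssh-dss\ ?*|ssh-ed25519\ ?*|ecdsa-sha2-*\ ?*) ;;
        *) echo "not a bare public key" >&2; exit 1 ;;
    esac
    printf 'no-pty,no-X11-forwarding,no-agent-forwarding,permitopen="127.0.0.1:%s",command="" %s\n' \
        "$port" "$pubkey"
)

# install_entry FILE PORT PUBKEY -> appends the entry once, file kept private.
install_entry() (
    entry=$(build_entry "$2" "$3") || exit 1
    umask 077
    # Do nothing if the identical line is already present.
    if [ -f "$1" ] && grep -qxF -- "$entry" "$1"; then exit 0; fi
    printf '%s\n' "$entry" >> "$1"
)

# Constructed sample: the key body is shortened and is not a real key.
build_entry 5901 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQ customer1@example'
```

The customer then connects with `ssh -N -L 5901:127.0.0.1:5901 user@dom0` (`user@dom0` is a placeholder); sshd refuses a local forward to any other destination for that key.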
 
Old 04-18-2009, 03:34 PM   #3
r3sistance
Senior Member
 
Registered: Mar 2004
Location: UK
Distribution: CentOS 5.4, Mac OS 10.4 (tiger)
Posts: 1,005

Original Poster
Rep: Reputation: 79
Ah, not a bad way. Generally I am just looking at my options of methods or ways to do things at the minute; I want to create a new system for forwarding a shell from a VM in the case of something like a misconfigured network script. I think I might be able to make some scripts out of this. After all, I doubt people will really need three hours, so the accounts will be disabled if not needed, so to speak, anyway. I just want to limit things down as much as possible.
 
  

