On Sat, 03 Mar 2007 21:20:15 Francis wrote:
>
> Ehud: Please mail to the list, not to me ONLY.
> I apologize for being an inexperienced cygwin user, but how would I
> restrict the SSH user to one command only? Which command would PuTTY use
> to tunnel through to a remote host?

Please read the `ssh' and `sshd' man page. This is not specific to
Cygwin, so you better google for it.

You asked 2 questions.

1. You control the command a user can run by prefixing a restriction
   to his/her key in the authorized_keys file. Something like:
       command="exec dots.sh" ssh-dss AAAA....
   You can add other restrictions there like:
       permitopen="vnchost:5900"
   which will allow connection only to this host and port.

2. To tunnel to another machine you need to do "port forwarding", with
   UNIX (Cygwin) ssh, you do it with the -L switch. I know you can do
   it with PuTTY but it is done with its menus.

It seems that you need a restriction like this:
    command="sleep 90",no-pty,permitopen="host1:port1",permitopen="host2:port2" <key>

Please note: The restrictions are key dependent, they will not apply if
the user logs in with a password, so change the /etc/sshd_config option
"PasswordAuthentication" to No !

And again, read the `ssh' and `sshd' man page.

Ehud.

--
 Ehud Karni           Tel: +972-3-7966-561  /"\
 Mivtach - Simon      Fax: +972-3-7966-667  \ /  ASCII Ribbon Campaign
 Insurance agencies   (USA) voice mail and   X   Against   HTML   Mail
 http://www.mvs.co.il  FAX:  1-815-5509341  / \
 GnuPG: 98EA398D <http://www.keyserver.net/>    Better Safe Than Sorry
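
The restrictions described in the message above can be checked mechanically. The following auditor is an added example, not part of the original post: it parses the options field of each authorized_keys line and reports keys that lack command=, no-pty or permitopen=, and it reports an sshd_config that still allows password logins. The function names and the sample key lines and sshd_config text are constructed for illustration; only the options the message names are checked, and Match blocks in sshd_config are not interpreted.

```python
import re

# One option in the leading field: a bare flag (no-pty) or name="value".
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?(?:,|$)')
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")            # a line starting so has no options
WANTED = ("command", "no-pty", "permitopen")     # restrictions named in the message

def parse_key_line(line):
    """Return {option: [values]} for an authorized_keys line; None if blank/comment."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.startswith(KEY_TYPES):
        return {}
    end, quoted = 0, False       # options end at the first space outside quotes
    while end < len(line) and (quoted or not line[end].isspace()):
        if line[end] == "\\" and quoted:
            end += 1             # skip the escaped character
        elif line[end] == '"':
            quoted = not quoted
        end += 1
    opts = {}
    for name, value in OPTION.findall(line[:end]):
        opts.setdefault(name.lower(), []).append(value)
    return opts

def audit(authorized_keys, sshd_config):
    """List keys lacking a wanted restriction, and password logins left enabled."""
    findings = []
    for n, line in enumerate(authorized_keys.splitlines(), 1):
        opts = parse_key_line(line)
        missing = [] if opts is None else [w for w in WANTED if w not in opts]
        findings += [f"key line {n}: missing {w}" for w in missing]
    password_auth = "yes"        # sshd default; the first value in the file wins
    for line in sshd_config.splitlines():
        words = line.split("#", 1)[0].replace("=", " ").split()
        if len(words) >= 2 and words[0].lower() == "passwordauthentication":
            password_auth = words[1].lower()
            break
    if password_auth != "no":
        findings.append("sshd_config: PasswordAuthentication is not 'no'")
    return findings

# Constructed sample input: placeholder key material, not real keys.
SAMPLE_KEYS = (
    'command="sleep 90",no-pty,permitopen="host1:port1",permitopen="host2:port2" ssh-dss AAAAexample1\n'
    'ssh-rsa AAAAexample2 admin@example\n'
    'command="exec dots.sh" ssh-dss AAAAexample3\n')
SAMPLE_SSHD = "Port 22\n#PasswordAuthentication no\nPasswordAuthentication yes\n"
print("\n".join(audit(SAMPLE_KEYS, SAMPLE_SSHD)))
```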