On Tue,09.Sep.08, 00:48:21, Andrei Popescu wrote:
> Hi,
>
> Recently my mother (running Lenny) switched ISPs and is now behind a
> NAT, which makes direct ssh access impossible. A reverse ssh tunnel can
> solve this, but having her type a passphrase every time is hmm...
> unrealistic.
>
> If I create a key without passphrase it would make my own system
> vulnerable. Of course, I can put some restrictions on the key via the
> authorized_keys file, but is that enough?

I have created a key-pair for this and put the following in
.ssh/authorized_keys (basically I denied everything and then enabled
just enough to make it work for my needs):

command="/bin/true",no-agent-forwarding,no-pty,no-user-rc,no-X11-forwarding,permitopen="localhost:1234"

Can anyone spot a possible attack vector?

Regards,
Andrei
--
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)
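An added example, not part of the original post: a small Python audit of an authorized_keys options field, run on the options line from the message above. The function names are hypothetical; options are applied left to right as sshd does, and `restrict` and `permitlisten` are options from OpenSSH releases later than this post, included on the assumption that the reader's sshd supports them.

```python
import re

# One option: a name, optionally ="value" where the value may contain \" escapes.
_OPT = re.compile(r'\s*([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?\s*(?:,|$)')
FEATURES = ("port-forwarding", "agent-forwarding", "x11-forwarding", "pty", "user-rc")

def parse_options(field):
    """Split an authorized_keys options field into (name, value) pairs."""
    opts, pos = [], 0
    while pos < len(field):
        m = _OPT.match(field, pos)
        if not m:
            raise ValueError(f"cannot parse options at offset {pos}")
        opts.append((m.group(1).lower(), m.group(2)))  # names are case-insensitive
        pos = m.end()
    return opts

def audit(field):
    """Report what a key may still do once these options are applied in order."""
    state = dict.fromkeys(FEATURES, True)  # sshd default: everything permitted
    forced, opens, listens = None, [], []
    for name, value in parse_options(field):
        if name == "restrict":
            state = dict.fromkeys(FEATURES, False)
        elif name in state:                        # e.g. "port-forwarding" re-enables
            state[name] = True
        elif name.startswith("no-") and name[3:] in state:
            state[name[3:]] = False
        elif name == "command":
            forced = value
        elif name == "permitopen":                 # bounds -L (local) destinations
            opens.append(value)
        elif name == "permitlisten":               # bounds -R (remote) listeners
            listens.append(value)
    fwd = state["port-forwarding"]
    return {
        "forced_command": forced,
        "enabled": sorted(f for f, on in state.items() if on),
        "local_forward_to": (opens or ["any"]) if fwd else [],
        "remote_listen_on": (listens or ["any"]) if fwd else [],
    }

# Options line quoted from the message above.
PAGE_OPTIONS = ('command="/bin/true",no-agent-forwarding,no-pty,no-user-rc,'
                'no-X11-forwarding,permitopen="localhost:1234"')
# Constructed sample using the newer options, for comparison.
NEWER_OPTIONS = 'restrict,port-forwarding,command="/bin/true",permitlisten="localhost:1234"'

if __name__ == "__main__":
    print(audit(PAGE_OPTIONS))
    print(audit(NEWER_OPTIONS))
```

For the line from the message, the report shows port forwarding still enabled, `-L` destinations bounded to localhost:1234 by `permitopen`, and `-R` listeners not bounded by any option in the line.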