Re: Tunnel-only SSH keys
From: Brian Reichert (reichert numachi.com)
Date: Thu Sep 22 2005 - 12:33:47 CDT
On Thu, Sep 22, 2005 at 09:22:38AM -0700, David Wolfskill wrote:
> On Thu, Sep 22, 2005 at 04:27:18PM +0100, markzero wrote:
> > Hello.
> >
> > I once read somewhere that it's possible to limit SSH pubkeys to
> > 'tunnel-only'. I can't seem to find any information about this
> > in any of the usual places.
> > ...
> > Can this be done with OpenSSH? I'd like to try and stay away from
> > the complexities of a chrooted-stunnel for now...
>
> See the section "AUTHORIZED_KEYS FILE FORMAT" in the sshd man page.
>
> There is also a discussion of this in the O'Reilly _SSH_ book.
Sorry for the arm-wave (in that I don't have the details of this
rumor), but I recall it's possible, via a client, to screw with the
remote environment, as to supply a different shell; that would affect
these tactics, perhaps.
> Peace,
> david
> --
> David H. Wolfskill david catwhisker.org
> Prediction is difficult, especially if it involves the future. -- Niels Bohr
--
Brian Reichert <reichert numachi.com>
55 Crystal Ave. #286 Daytime number: (603) 434-6842
Derry NH 03038-1725 USA BSD admin/developer at large
_______________________________________________
freebsd-security freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe freebsd.org"
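The per-key options from the "AUTHORIZED_KEYS FILE FORMAT" section of the sshd man page, checked by a small auditor. This is an added example, not part of the original thread: the tunnel-only policy in REQUIRED, the sample file, its key material, comments, forced command and permitopen target are all constructed assumptions. It goes beyond the 2005 discussion by also recognising the later `restrict` / `port-forwarding` options.

```python
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")   # a line starting with a key type has no options
# Assumed tunnel-only policy for this added example; adjust to local requirements.
REQUIRED = ("command", "permitopen", "no-pty", "no-agent-forwarding", "no-X11-forwarding")
IMPLIED_BY_RESTRICT = {"no-pty", "no-agent-forwarding", "no-x11-forwarding"}

def split_unquoted(text, seps, maxsplit=-1):
    """Split text on separator characters that sit outside double quotes."""
    parts, cur, quoted, prev = [], "", False, ""
    for ch in text:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch in seps and not quoted and maxsplit != 0:
            parts.append(cur)
            cur, maxsplit = "", maxsplit - 1
        else:
            cur += ch
        prev = ch
    return parts + [cur]

def audit_line(line):
    """Return findings for one line: [] means tunnel-only, None means not a key line."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.startswith(KEY_PREFIXES):
        return ["no options: key allows a normal login"]
    field = split_unquoted(line, " \t", 1)[0]          # options end at first unquoted space
    opts = {item.partition("=")[0].lower() for item in split_unquoted(field, ",")}
    have = opts | (IMPLIED_BY_RESTRICT if "restrict" in opts else set())
    findings = ["missing " + o for o in REQUIRED if o.lower() not in have]
    if "no-port-forwarding" in opts or ("restrict" in opts and "port-forwarding" not in opts):
        findings.append("port forwarding disabled: the tunnel itself is blocked")
    return findings

SAMPLE = '''# constructed sample: placeholder key material, not real keys
command="/usr/bin/false",no-pty,no-agent-forwarding,no-X11-forwarding,permitopen="127.0.0.1:5432" ssh-rsa AAAAB3PLACEHOLDER tunnel@example
ssh-rsa AAAAB3PLACEHOLDER admin@example
command="echo a, b",no-pty ssh-rsa AAAAB3PLACEHOLDER half@example
restrict,command="/usr/bin/false",permitopen="127.0.0.1:5432" ssh-ed25519 AAAAC3PLACEHOLDER new@example
'''

def audit(text):
    """Map line number to findings for every key line in an authorized_keys text."""
    return {n: f for n, l in enumerate(text.splitlines(), 1) if (f := audit_line(l)) is not None}

if __name__ == "__main__":
    for n, findings in audit(SAMPLE).items():
        print(n, "OK (tunnel-only)" if not findings else "; ".join(findings))
```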