dcbill at volny
May 7, 2009, 11:37 AM
OpenSSH_5.1p1 Debian-3ubuntu1, OpenSSL 0.9.8g 19 Oct 2007
sshd port forwarding with no shell? chroot/jail?
I'd like to allow a client with an authorized key
to start port forwarding on a server to his machine
without actually needing to log in or do anything
on the machine, or rather, I'd prefer there be no
access except starting the forwarding when the
client demands it.
I tried just setting up the chroot with no files
copied into the chrooted tree, just the auth keys
(actually those seem to work fine even outside
the chroot). Is there an option to let the port
forwarding/tunnel start up without anything else?
Is there a minimum of system files I still have to
copy into the chroot?
Additionally, I tried 'permitopen "host:port"....' specifying the client
doing a remote port forward, but it doesn't have any effect.
Is there any way to specify an allowed IP:port for a remote
tunnel, or is this only good for local -L tunnels?