Re: How disable forwarding-only connections (i.e. non-shell/command non-sftp connections)? (Maybe this is a feature request!)

On Thu, Nov 26, 2015 at 4:49 PM, Tinker <tinkr@xxxxxxxxxxxxxxx> wrote:
> On 2015-11-26 13:33, Darren Tucker wrote:
[...]
>>  What is the script going to do?

You didn't answer this.

> How would you do it using bsdauth?
>
> (PAM seems very redundant to install on OBSD.)

You are using OpenBSD or something else?

[...]
>> This sounds a bit like what authpf[1] does.  I imagine you could write
>> firewall rules to block outgoing tcp connections from sshd until after
>> authpf runs, if that is an option for you.
>
> (That sounds like a very indirect approach, in particular as it would cover
> only some connections?)

Assuming you write the PF rules to do so you should be able to match
local processes (using "user" rules and the $user_id authpf macro) as
well as connections from the IP address they're logging in as (using
"from" rules and $user_ip macro).

But all of this is speculative because you still have not described
what the objective of this exercise is.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
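
The PF/authpf arrangement suggested in the message above, sketched as an added example; it is not from the thread or from the OpenBSD project. It assumes the restricted accounts use authpf as their login shell and have a hypothetical primary group "tunnel"; port 8080 is a constructed placeholder.

```pf
# --- /etc/pf.conf (main ruleset) ---
# Assumption: accounts subject to this policy have the hypothetical
# primary group "tunnel". The post-authentication sshd child runs with
# the user's uid/gid, so sockets it opens for port forwarding match here.
block return out proto tcp all group tunnel

# Rules loaded by authpf for logged-in users are evaluated here.
# The block above is deliberately not "quick": pf applies the last
# matching rule, so a pass rule inside the anchor overrides it.
anchor "authpf/*"

# --- /etc/authpf/authpf.rules (loaded per session by authpf) ---
# authpf defines $user_id and $user_ip when the user's session starts
# and removes these rules again when the session ends.

# "user" rule: sockets owned by this user's local processes, which
# includes TCP connections sshd opens on the user's behalf.
pass out proto tcp all user $user_id

# "from" rule: traffic arriving from the address the user logged in
# from, to a constructed placeholder service port.
pass in proto tcp from $user_ip to any port 8080
```

With these rules, a connection that authenticates but never starts the authpf shell leaves the anchor empty for that user, so only the block rule matches its outgoing TCP.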


