Re: ssh man page about 'tunnel' feature

Catalin Patulea wrote:
> The following entry would permit connections on tun(4)
> device 1 from user "jane" and on tun device 2 from user "john",
> if PermitRootLogin is set to "forced-commands-only":
> 
> tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane
> tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john
> --
> 
> Is that true?

Yes.

> Can /root authorized_keys set keys for other users?

jane and john are not necessarily local users, they are usernames
in the comment fields of the two authorized public keys.

The comment by default reflects the current username on the system
where a key was generated.

If that happened to have been on the local system, then local users
jane and john are indeed authorized to create tunnels, but that use
case doesn't make much sense.


//Peter
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
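
Added example, not part of the original message and not OpenSSH code: a small Python parser that splits authorized_keys lines like the two quoted above into options, key type, key blob and comment, showing that "jane" and "john" are only the trailing comment field. The key blobs are constructed placeholders, the function names are hypothetical, and recognising a key type by its prefix is a simplification.

```python
# Added example: audit authorized_keys entries that carry a tunnel= option.
SAMPLE = '''\
# constructed sample; key blobs are placeholders, not real keys
tunnel="1",command="sh /etc/netstart tun1" ssh-rsa AAAAB3-CONSTRUCTED-1 jane
tunnel="2",command="sh /etc/netstart tun2" ssh-rsa AAAAB3-CONSTRUCTED-2 john
ssh-ed25519 AAAAC3-CONSTRUCTED-3 backup key, no options
'''
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # simplification: how a key type starts

def split_unquoted(text, seps, limit=None):
    """Split on any char in seps that lies outside double quotes."""
    parts, cur, quoted, i = [], "", False, 0
    while i < len(text):
        ch = text[i]
        if quoted and text[i:i + 2] == '\\"':   # escaped quote inside a value
            cur, i = cur + '\\"', i + 2
            continue
        if ch == '"':
            quoted = not quoted
        if ch in seps and not quoted and (limit is None or len(parts) < limit):
            parts, cur = parts + [cur], ""
        else:
            cur += ch
        i += 1
    return parts + [cur]

def parse_entry(line):
    """Return dict(options, type, blob, comment), or None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    options = {}
    if not line.startswith(KEY_PREFIXES):        # line begins with an options field
        head = split_unquoted(line, " \t", 1)    # options end at first unquoted space
        line = head[1].strip() if len(head) > 1 else ""
        for opt in split_unquoted(head[0], ","):
            name, sep, value = opt.partition("=")
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]
            options[name.lower()] = value if sep else True
    fields = line.split(None, 2) + ["", "", ""]  # type, blob, free-text comment
    return {"options": options, "type": fields[0], "blob": fields[1], "comment": fields[2]}

def tunnel_grants(text):
    """(tun device, key comment, forced command) for each key with tunnel=."""
    entries = filter(None, map(parse_entry, text.splitlines()))
    return [(e["options"]["tunnel"], e["comment"], e["options"].get("command"))
            for e in entries if "tunnel" in e["options"]]

if __name__ == "__main__":
    for dev, label, cmd in tunnel_grants(SAMPLE):
        # "label" is only the key's comment field, not a local account name
        print(f"tun{dev}: key labelled {label!r}, forced command {cmd!r}")
```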


