Catalin Patulea wrote:
> The following entry would permit connections on tun(4)
> device 1 from user "jane" and on tun device 2 from user "john",
> if PermitRootLogin is set to "forced-commands-only":
>
> tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane
> tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john
> --
>
> Is that true?

Yes.

> Can /root authorized_keys set keys for other users?

jane and john are not necessarily local users, they are usernames in
the comment fields of the two authorized public keys.

The comment by default reflects the current username on the system
where a key was generated. If that happened to have been on the local
system, then local users jane and john are indeed authorized to
create tunnels, but that use case doesn't make much sense.

//Peter
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
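The distinction drawn in the reply above, as an added example that is not part of the original post and not OpenSSH code: a simplified parser that splits each authorized_keys entry into options, key type, key blob and comment, then reports the account the key logs in as (the owner of the file) separately from the comment label. The names `parse_entry` and `audit` are hypothetical, the file is assumed to be root's, and "..." stands for the key blob exactly as it does in the quoted entries.

```python
import re

# Key type names that may start an entry that has no options field.
KEY_TYPE = re.compile(r"(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+)$")
# One option: a name, optionally ="value"; the value may contain \" escapes.
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?(?:,|$)')

def split_options(line):
    """Split at the first whitespace that is outside double quotes."""
    in_quotes, i = False, 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and in_quotes:
            i += 1                      # skip the escaped character
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch.isspace() and not in_quotes:
            return line[:i], line[i:].strip()
        i += 1
    return line, ""

def parse_entry(line):
    """Return options, key type, key blob and comment of one entry."""
    line = line.strip()
    if KEY_TYPE.match(line.split(None, 1)[0]):
        opts_text, rest = "", line      # entry starts with the key type
    else:
        opts_text, rest = split_options(line)
    options = {m.group(1).lower(): True if m.group(2) is None else m.group(2)
               for m in OPTION.finditer(opts_text)}
    keytype, blob, *comment = rest.split(None, 2)
    return {"options": options, "keytype": keytype, "key": blob,
            "comment": comment[0] if comment else ""}

def audit(file_owner, lines):
    """Each key logs in as file_owner; the comment is only a label."""
    rows = []
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        e = parse_entry(line)
        rows.append({"login_account": file_owner, "label": e["comment"],
                     "tunnel": e["options"].get("tunnel"),
                     "forced_command": e["options"].get("command")})
    return rows

# The two entries quoted in the thread, key blob elided as on the page.
SAMPLE = ['tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane',
          'tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john']
```

Calling `audit("root", SAMPLE)` yields two rows whose `login_account` is root in both cases; "jane" and "john" appear only as `label`.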