Re: force port redirection for list of users

Hi, can we avoid client-side changes?

Can we change sshd_config to something like:
except for Linux users, redirect the rest of the users to use port 2024. Now the
rest of the users are not Linux users and are dynamically created. Hence
their entries can't be there in /etc/passwd or sshd_config AllowUsers. Please
suggest if there is a better way. (Using PAM would be a major change for
us, so it doesn't work.)

Match user !root,!guest
ForceCommand .  /etc/redirect2024



cat /etc/redirect2024
read user
ForceCommand ssh -A -p 2024 $user@localhost


Regards,
Sudarshan



On Tue, Jul 18, 2017 at 11:18 PM, Sudarshan Soma <sudarshan12s@xxxxxxxxx>
wrote:

> Thanks so much. I am checking it.
>
> Best Regards,
>
> On Tue, Jul 18, 2017 at 9:08 PM, Reuti <reuti@xxxxxxxxxxxxxxxxxxxx> wrote:
>
>>
>> > On 08.07.2017 at 18:41, Sudarshan Soma <sudarshan12s@xxxxxxxxx> wrote:
>> >
>> > Hi,
>> > I have the following requirement.
>> > Other than the following users, any other user's sshd connection should be
>> > redirected to 2024 instead of port 22:
>> > root, ftp, guest
>> >
>> > So
>> > ssh root@ip // should be sent to sshd running at port 22
>> > ssh otheruser@ip // should be sent to sshd running at port 2024
>> >
>> >
>> > I know that we can do something like this:
>> >
>> > ssh -o ProxyCommand='ssh -W localhost:2024 cliuser@ip' otheruser@ip
>> >
>> > will take the otheruser login to port 2024 after these sshd_config settings:
>> >
>> > Match user cliuser
>> >    MaxSessions 0
>> >    PermitOpen localhost:2024
>> >
>> > This requires a long command at the client side. Can this be made simple, like:
>> >
>> > ssh otheruser@ip automatically goes to port 2024 after I make some
>> > redirection at sshd_config
>>
>> It could be implemented on the client side:
>>
>> - one global ssh_config which is defined to use port 2024 (always)
>> - three custom ssh_config files for the three users in question to use
>> port 22
>>
>> -- Reuti
>
>
>
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
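
The client-side approach suggested in the quoted reply, sketched as one global ssh_config (an added example, not written by anyone in this thread). It uses `Match user` in a single file instead of separate per-user files, and `server.example` is a placeholder for the server's name or IP.

```sshconfig
# /etc/ssh/ssh_config on each client (constructed example).
# ssh uses the first value it obtains for each option, so the
# exceptions must appear before the catch-all default.

# Accounts that stay on the sshd listening on port 22.
# "server.example" is a placeholder, not a host from the thread.
Match host server.example user root,ftp,guest
    Port 22

# Every other account on that server goes to the sshd on port 2024.
Host server.example
    Port 2024
```

Running `ssh -G otheruser@server.example` prints the options the client would use, so the `port` line can be checked for each account without connecting. An explicit `-p` on the command line still overrides both blocks.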