Hi Izak,
Thanks for your answer, but I think I didn't make myself clear enough
(or I simply didn't understand your answer, which is still possible...).
I don't want to restrict access to SSH logins, I want to restrict access
to a local port forwarding. Here's the complete story.
I have a server A that can SSH to a computer B. On B, I have a VNC
service running that I want to make available to a 3rd-party user. To do
that, I create an SSH tunnel from A to B, forwarding the port 36725 on A
to the port 5900 on B, making the local port on A accessible from the
outside world:
ssh -L *:36725:localhost:5900 user@B
Now the user uses a VNC client to connect to A:36725. What I'd like to
know is whether I can impose access restrictions on A:36725, for instance
by limiting the number of accepted connections.
In your answer, you mention settings in sshd_config. These are for the
SSH daemon, right? Do these also apply to the SSH client that is doing
port forwarding?
Thanks.
Michael.
Max Jaxon wrote:
Hi Michael,
Limit User Logins
SSH logins can be limited to only certain users who need remote
access. If you have many user accounts on the system then it makes
sense to limit remote access to only those that really need it thus
limiting the impact of a casual user having a weak password. Add an
AllowUsers line followed by a space separated list of usernames to
/etc/ssh/sshd_config. For example:
AllowUsers alice bob
and then restart the daemon.
Kind Regards,
Izak
On Fri, Jan 29, 2010 at 12:06 PM, Michael Goffioul
<michael.goffioul@xxxxxxxxxx> wrote:
Hi,
When creating a local port forwarding with SSH (using the -L command flag), is
it possible to limit the number of clients that will be able to connect to the
local port?
Let's say I do:
ssh -L 0.0.0.0:36725:localhost:7777 user@hostname
Can I limit the number of accepted clients on port 36725?
Thanks.
Michael.
--
Michael Goffioul
Software Engineer
Lincor Solutions Ltd.
Unit 6
Cork Technology Park, Model Farm Road, Cork
Tel: +353 21 4941618
Fax: +353 21 4342400
E-mail: michael.goffioul@xxxxxxxxxx
Web: http://www.lincor.com
--
Kind Regards,
Izak Schipper MCSE Security+,CWNA,CCNA,C|PTS,C|EH,CISSP
Infrastructure Security Specialist
Tel: +31 (0) 6 3850 63 26
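
One way to cap the number of clients on A:36725, added here as an example and not taken from any message in this thread: bind the tunnel to loopback only and put a small relay in front of it that enforces the limit. The class name `LimitedRelay`, the loopback port 36726 and the limit of one client are assumptions made for illustration.

```python
import asyncio

class LimitedRelay:
    """Relay TCP clients to one target, refusing clients beyond max_clients."""
    def __init__(self, target_host, target_port, max_clients=1):
        self.target = (target_host, target_port)
        self.max_clients = max_clients
        self.active = 0      # clients currently being relayed
        self.rejected = 0    # clients refused because the limit was reached

    async def _pipe(self, reader, writer):
        # Copy one direction until EOF or reset, then close the far side.
        try:
            while data := await reader.read(65536):
                writer.write(data)
                await writer.drain()
        except ConnectionError:
            pass
        finally:
            writer.close()

    async def handle(self, c_reader, c_writer):
        # No await between the check and the increment, so the count cannot race.
        if self.active >= self.max_clients:
            self.rejected += 1
            c_writer.close()
            return
        self.active += 1
        try:
            t_reader, t_writer = await asyncio.open_connection(*self.target)
            await asyncio.gather(self._pipe(c_reader, t_writer),
                                 self._pipe(t_reader, c_writer))
        except OSError:
            c_writer.close()   # tunnel endpoint not reachable
        finally:
            self.active -= 1

    async def start(self, listen_host, listen_port):
        return await asyncio.start_server(self.handle, listen_host, listen_port)

async def main():
    # Assumed tunnel, loopback only: ssh -L 127.0.0.1:36726:localhost:5900 user@B
    relay = LimitedRelay("127.0.0.1", 36726, max_clients=1)
    server = await relay.start("0.0.0.0", 36725)   # port the VNC user connects to
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

With the tunnel listening on 127.0.0.1 only, the relay is the sole path from the outside to the VNC service, so its limit cannot be bypassed by connecting to the forwarded port directly.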