Re: Port forwarding and access restriction

Hi Izak,

Thanks for your answer, but I think I didn't make myself clear enough (or I simply didn't understand your answer, which is still possible...). I don't want to restrict access to SSH logins, I want to restrict access to a local port forwarding. Here's the complete story.

I have a server A that can SSH to a computer B. On B, I have a VNC service running that I want to make available to a 3rd-party user. To do that, I create an SSH tunnel from A to B, forwarding port 36725 on A to port 5900 on B, making the local port on A accessible from the outside world:

      ssh -L *:36725:localhost:5900 user@B

Now the user uses a VNC client to connect to A:36725. What I'd like to know is whether I can impose access restriction on A:36725, for instance by limiting the number of accepted connections.

In your answer, you mention settings in sshd_config. These are for the SSH daemon, right? Do these also apply to the SSH client that is doing port forwarding?

Thanks.
Michael.
Max Jaxon wrote:
Hi Michael,


    Limit User Logins

SSH logins can be limited to only certain users who need remote access. If you have many user accounts on the system, then it makes sense to limit remote access to only those that really need it, thus limiting the impact of a casual user having a weak password. Add an AllowUsers line followed by a space-separated list of usernames to /etc/ssh/sshd_config. For example:

AllowUsers alice bob

and then restart the daemon.


Kind Regards,


Izak





On Fri, Jan 29, 2010 at 12:06 PM, Michael Goffioul <michael.goffioul@xxxxxxxxxx> wrote:

    Hi,

    When creating a local port forwarding with SSH (using the -L
    command flag), is it possible to limit the number of clients that
    will be able to connect to the local port?

    Let's say I do:

    ssh -L 0.0.0.0:36725:localhost:7777 user@hostname

    Can I limit the number of accepted clients on port 36725?

    Thanks.
    Michael.


    --
    Michael Goffioul
    Software Engineer

    Lincor Solutions Ltd.
    Unit 6
    Cork Technology Park, Model Farm Road, Cork

    Tel: +353 21 4941618
    Fax: +353 21 4342400
    E-mail: michael.goffioul@xxxxxxxxxx
    Web: http://www.lincor.com




--
Met vriendelijke groet/ Kind Regards,

Izak Schipper MCSE Security+,CWNA,CCNA,C|PTS,C|EH,CISSP

Infrastructure Security Specialist

Tel: +31 (0) 6 3850 63 26
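
One way to cap concurrent clients in front of such a forward, as an added example that is not part of the original thread: assuming the `ssh -L` listener is bound to 127.0.0.1 rather than `*`, a small relay (the hypothetical `LimitedForwarder`) takes the outside connections and drops any beyond a limit. `demo()` uses a constructed echo server in place of the tunnel end.

```python
import asyncio

class LimitedForwarder:
    """Relay TCP to (host, port), refusing clients beyond max_clients."""
    def __init__(self, host, port, max_clients):
        self.target, self.max_clients = (host, port), max_clients
        self.active = self.rejected = 0

    @staticmethod
    async def _pipe(reader, writer):
        # Copy bytes one way until EOF, then close the receiving side.
        try:
            while data := await reader.read(65536):
                writer.write(data)
                await writer.drain()
        except ConnectionError:
            pass
        finally:
            writer.close()

    async def handle(self, reader, writer):
        if self.active >= self.max_clients:   # over the cap: drop at once
            self.rejected += 1
            writer.close()
            return
        self.active += 1
        try:
            up_r, up_w = await asyncio.open_connection(*self.target)
            await asyncio.gather(self._pipe(reader, up_w),
                                 self._pipe(up_r, writer))
        except OSError:
            pass                              # tunnel down or peer reset
        finally:
            self.active -= 1
            writer.close()

async def demo():
    """Constructed self-test: an echo server stands in for the tunnel end."""
    backend = await asyncio.start_server(LimitedForwarder._pipe, "127.0.0.1", 0)
    fwd = LimitedForwarder("127.0.0.1", backend.sockets[0].getsockname()[1], 1)
    front = await asyncio.start_server(fwd.handle, "127.0.0.1", 0)
    port = front.sockets[0].getsockname()[1]
    r1, w1 = await asyncio.open_connection("127.0.0.1", port)
    w1.write(b"ping")
    first = await r1.readexactly(4)           # first client is relayed
    r2, w2 = await asyncio.open_connection("127.0.0.1", port)
    second = await r2.read(4)                 # second client only sees EOF
    w1.close(); w2.close(); front.close(); backend.close()
    return first, second, fwd.rejected

if __name__ == "__main__":
    print(asyncio.run(demo()))
```

For the setup in this thread, the relay would be started with `asyncio.start_server(LimitedForwarder("127.0.0.1", 36725, 1).handle, ...)` on the externally reachable address, with the limit of 1 being an assumed value.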




