

> but client Y should be forbidden to connect with: ssh
> Client Y to be able to connect with: ssh -L
> I want client X to be able to connect with this command:
> - On Thu, 8/13/09, Adriana Rodean wrote:

I'm not Linux user, and have minimal knowledge about Linux, but maybe

I mean restrict only client X (which is behind a certain IP address)

If ssh can't I'm thinking maybe Linux can.

If client X has remote port 1037 on the server then client Y should be forbidden to do remote port-forwarding on port 1037 if client X is not

Can't it be restricted somehow with iptables or with some Linux commands?

Yes that's exactly what I want, restrict certain REMOTE port forward values.
> connection from UID 500 to localhost, which is needed for ssh internal
> but remember the -o \! lo, that means that iptables won't block any
> you will enable only the port 80 for UID 500 (usernames can be used also).

iptables -I OUTPUT -o \! lo -m owner --uid-owner 500 -j DROP

Sorry for the mistake, my LOGDROP is an "all-in-one" method for logging and

> iptables -I OUTPUT -m owner --uid-owner 500 -p tcp -m state --state NEW -m
> iptables -I OUTPUT -o \! lo -m owner --uid-owner 500 -j LOGDROP
> each instance of ssh is executed with the UID determined by the SSH

> On Wednesday 12 August 2009 11:53:30 Adriana Rodean wrote:

On Wednesday 12 August 2009 16:42:54 Aarón Mizrachi wrote:

You will enable only the port 80 for UID 500 (usernames can be used also).
But remember the -o \! lo, that means that iptables won't block any connection from UID 500 to localhost, which is needed for ssh internal work.

iptables -I OUTPUT -m owner --uid-owner 500 -p tcp -m state --state NEW -m tcp
iptables -I OUTPUT -o \! lo -m owner --uid-owner 500 -j LOGDROP

> Client version is openssh3.8p1, is windows client, and server version

Each instance of ssh is executed with the UID determined by the SSH logon:

> I use private/public keys authentication.
> port-forwarding, client Y only port 1038 and so on.
> For example I want client X to open only port 1037 on server through
> Is it possible to restrict a client port-forwarding to one port?

On Wednesday 12 August 2009 11:53:30 Adriana Rodean wrote:
