How can SSH be allowed to set up remote port forwarding but not execute commands?

Look at man sshd and search for AUTHORIZED_KEYS FILE FORMAT.

What you want to do is create a public/private key pair, and put the public key in the ~/.ssh/authorized_keys file as normal. Then edit the authorized_keys file to add the string:

command="/bin/false",no-agent-forwarding,no-pty,no-user-rc,no-X11-forwarding,permitopen="127.0.0.1:80"

It will end up looking kind of like:

command="/bin/false",no-agent-forwarding,no-pty,no-user-rc,no-X11-forwarding,permitopen="127.0.0.1:80" ssh-dss AAAAC3...51R==

You would want to change the argument to 'permitopen' and possibly change some of the other settings, but I think that's basically it.
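
An added example, not part of the answer above or of OpenSSH: a small Python audit that parses the options field of an authorized_keys line and reports what the key can still do beyond pinned forwarding. Per sshd(8), permitopen limits the destinations of local (-L) forwards, while remote (-R) listeners are limited by permitlisten. Assumptions: OpenSSH 7.8 or later (for permitlisten and restrict), the hypothetical helper names split_entry and audit, and the constructed PINNED variant.

```python
# Added example: audit authorized_keys options per sshd(8); assumes OpenSSH 7.8+.
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # line starts with a key type: no options

def split_entry(line):
    """Split one line into ({option: [values]}, key text)."""
    line = line.strip()
    if line.startswith(KEY_PREFIXES):
        return {}, line
    tokens, cur, quoted, i = [], "", False, 0
    while i < len(line) and (quoted or not line[i].isspace()):
        ch = line[i]
        if quoted and ch == "\\" and line[i + 1:i + 2] == '"':
            cur, i = cur + '"', i + 1  # \" inside quotes is a literal quote
        elif ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            tokens, cur = tokens + [cur], ""
        else:
            cur += ch
        i += 1
    tokens.append(cur)
    opts = {}
    for name, _, value in (t.partition("=") for t in tokens):
        opts.setdefault(name.lower(), []).append(value)  # names are case-insensitive
    return opts, line[i:].strip()

def audit(line):
    """Return what the entry still permits beyond pinned port forwarding."""
    opts, _ = split_entry(line)
    def denied(feature):  # conservative: an explicit re-enable always counts
        return feature not in opts and ("no-" + feature in opts or "restrict" in opts)
    findings = []
    if "command" not in opts:
        findings.append("no forced command")
    for feature in ("pty", "agent-forwarding", "x11-forwarding", "user-rc"):
        if not denied(feature):
            findings.append(feature + " permitted")
    if not denied("port-forwarding"):
        for opt, what in (("permitopen", "-L destination"), ("permitlisten", "-R listen address")):
            if opt not in opts:
                findings.append(what + " not pinned")
    return findings

# The entry from the answer above, then a constructed variant that also pins -R.
PAGE_ENTRY = ('command="/bin/false",no-agent-forwarding,no-pty,no-user-rc,'
              'no-X11-forwarding,permitopen="127.0.0.1:80" ssh-dss AAAAC3...51R==')
PINNED = 'permitlisten="localhost:8080",' + PAGE_ENTRY

if __name__ == "__main__":
    print(audit(PAGE_ENTRY), audit(PINNED))
```
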


This article should set you on the right path:

http://www.semicomplete.com/articles/ssh-security/