
Re: question about SSH / IPTABLES



	Hi,

Iñaki Martínez wrote:
>  I have a server on the Internet and I want several clients to access it
> via SSH, but I DON'T want them to be able to use SSH from that server.
>  So a client can access the server via SSH, but s/he CAN NOT ssh to other
> servers from my server...
>  How can I do this???? Some SSH configuration??? Some iptables rule???

Once you gave shell access, it's a bit difficult to forbid any networking...
Even if you remove the ssh client (rm /usr/bin/ssh), they may get it from
another place and download it to your server. Even if you forbid output
networking to port 22 (iptables -A OUTPUT -p tcp --dport 22 -j REJECT),
they may use another port number. Even if you forbid all networking except
one port (for example HTTP), they may use that opened port to do tunnelling
to be able to use SSH...

It really depends on the skills of your users and what you want to allow them
to do. First ask yourself, do I really need to give them shell access?

Regards, J.C.
-- 
Jean Christophe ANDRÉ <jean-christophe.andre@auf.org> http://www.vn.refer.org/
Regional technical coordinator / Senior technology associate, Reflets project
Agence universitaire de la Francophonie (AuF) / Bureau Asie-Pacifique (BAP)
Postal address: AUF, 21 Lê Thánh Tông, T.T. Hoàn Kiếm, Hà Nội, Việt Nam
/ Personal note: please avoid sending me PowerPoint or Word files;            \
\ see here: http://www.fsf.org/philosophy/no-word-attachments.fr.html         /
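
Added example, not part of the original message: since a per-port rule such as the `--dport 22` REJECT above is sidestepped by choosing another port, this sketch prints (it does not apply) rules that match on the account instead and deny every new outbound connection it makes. The chain name `NOEGRESS`, the function name and the user names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: emit iptables commands for review; nothing is applied here.

# egress_rules USER... : print one iptables command per line.
egress_rules() {
    chain="NOEGRESS"   # hypothetical chain name
    echo "iptables -N $chain"
    # Local services on loopback stay reachable.
    echo "iptables -A $chain -o lo -j RETURN"
    # Packets of connections that are already tracked (for example replies
    # on the inbound SSH session) are left alone.
    echo "iptables -A $chain -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN"
    # Log every denied attempt so tunnelling tries show up in the kernel log.
    echo "iptables -A $chain -j LOG --log-prefix \"egress-denied: \""
    # Everything else is refused, whatever the destination port.
    echo "iptables -A $chain -j REJECT"
    for u in "$@"; do
        case "$u" in
            # Refuse names that could smuggle shell or iptables syntax.
            ''|*[!a-z0-9_-]*)
                echo "skipping invalid user name: $u" >&2
                continue ;;
        esac
        # The owner match selects locally generated packets by socket owner.
        echo "iptables -A OUTPUT -m owner --uid-owner $u -j $chain"
    done
}

# Constructed sample accounts are used when no arguments are given.
if [ "$#" -gt 0 ]; then
    egress_rules "$@"
else
    egress_rules alice bob
fi
```

Review the printed commands and try them on a test host with a root console open before loading them on a production server.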


