On 2003/01/23 12:24:49PM +0100, Thu, Iñaki Martínez wrote:
> Hi!!!
>
> I have a server in internet and I want several clients to access to it via
> SSH but I DON'T want them to be able to use SSH from that server.
>
> So a client can access the server via SSH, but s/he CAN NOT ssh to other
> servers from my server...

you can try iptables owner matching, CONFIG_IP_NF_MATCH_OWNER. i haven't
tried it myself, but in theory this would work.

    iptables -A OUTPUT -p tcp --dport 22 -m owner --uid-owner 1002 -j DROP

where the uid of the person you want to block is 1002, or you could take the
other approach and specify the uids you want to go out then drop the rest.
--gid-owner could work if you put all the users you don't want to ssh out in
a single group.

andrew

--
"computer networks are infrastructure that you should be able to rely on,
to take for granted, just like telephones and electricity. if you can't do
that, then there's something wrong, something that can and should be fixed."
        - craig sanders
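
Added example (not part of the message above): a shell function that prints, without applying, the rules for the second approach the reply describes, accepting outbound SSH only for listed UIDs and dropping the rest. The chain name SSH_OUT and the UIDs in the usage comment are assumptions; ip6tables lines are included because IPv6 has its own rule set.

```shell
#!/bin/sh
# Added example: prints rules only, so they can be reviewed before use.
# SSH_OUT is a hypothetical chain name; the UIDs shown are constructed.

# emit_ssh_allowlist UID...
# Prints one rule per line. Returns 1 and prints no rules if any
# argument is not a plain numeric UID.
emit_ssh_allowlist() {
    [ "$#" -gt 0 ] || { echo "usage: emit_ssh_allowlist UID..." >&2; return 1; }

    # Validate every argument before emitting anything.
    for uid in "$@"; do
        case "$uid" in
            ''|*[!0-9]*) echo "not a numeric uid: $uid" >&2; return 1 ;;
        esac
    done

    for ipt in iptables ip6tables; do
        # Dedicated chain: only locally generated TCP to port 22 enters it.
        echo "$ipt -N SSH_OUT"
        echo "$ipt -A OUTPUT -p tcp --dport 22 -j SSH_OUT"
        # One ACCEPT per UID that may still open outbound SSH.
        for uid in "$@"; do
            echo "$ipt -A SSH_OUT -m owner --uid-owner $uid -j ACCEPT"
        done
        # Every other socket owner is dropped.
        echo "$ipt -A SSH_OUT -j DROP"
    done
}

# Review the output, then apply it as root, for example:
#   emit_ssh_allowlist 0 1001 | sh
```

These rules match on destination port 22 only, so an SSH server listening on another port is not covered by them.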