Re: Securing local host of reverse SSH tunnel?
Nate Bargmann writes:
> I am going to be deploying a Debian system at a location where I am
> unsure if I can make any inbound connection into that system. I am
> going to set up an SSH tunnel from that system to a host in my LAN.
> What I am concerned about is the remote possibility of theft and
> therefore exposing my LAN to an inbound connection where a shell prompt
> can be obtained. I will be setting up a private/public key pair. My
> plan is to SSH into the internal host and then initiate an SSH
> connection to the defined port and ultimately log into the remote
> system.
>
> The site is physically secure, but ... While I understand that at the
> remote end I can instruct the SSH client not to request a pseudo tty, if
> a thief has the private key, all he needs to do is initiate a connection
> and get a shell prompt on my internal host (due to being run from a
> startup script, the private key cannot be password protected, or can
> it?).
>
> What I would like to do is in some way configure the ssh daemon on my
> internal host to not allow any access other than allocating the port for
> the reverse connection. Ideally, this restriction should be based on
> the public key of the pair but I've not seen in sshd_config(5) a way for
> the Match directive to use the public key as its trigger.
To restrict what an SSH account can do, you can use the command="..."
setting in the autorized_keys file. It is documented in sshd(8). I use
it specifically to restrain the possible actions that can be done with
that private key. As the command, you can use any program or script
that can check the arguments and perform the requested action, without
allowing any unforeseen action.
--
Fabrice BAUZAC-STEHLY
PGP 015AE9B25DCB0511D200A75DE5674DEA514C891D
Reply to: