Re: allow login from specific address
Todd H. wrote:
> Sylvain Ferriol <sferriol@imag.fr> writes:
>
>
>>Todd H. wrote:
>>
>>>Sylvain Ferriol <sferriol@imag.fr> writes:
>>>
>>>
>>>>Hello
>>>>
>>>>I want to configure an ssh gateway between internet and my intranet:
>>>>The specifications are:
>>>>- a user from internet can not login the ssh_gateway
>>>>- some users (admins) from intranet can login the ssh_gateway
>>>>
>>>>How can I do that?
>>>>Can I allow sshd to accept login only from an IP address range?
>>>>
>>>>Is it more secure to only accept port forwarding on ssh_gateway?
>>>
>>>TCP Wrappers rather than an sshd config is the place to do this. The
>>>30 second tutorial, assuming it's installed: edit /etc/hosts.deny
>>>Make this the one and only line: sshd: ALL
>>
>>The problem is that I want to allow port forwarding from internet to
>>intranet like this:
>>ssh -N -L 4444:foo_server:4444 sshd_gateway
>
>
> Are your requirements opposed to each other?
>
> If you want to allow a forward connection from internet to intranet on
> the gateway to set up that port forwarding, you can't prohibit "a user
> from internet can not login the ssh_gateway."
Why?
>
> Or are you saying you want to allow this port forwarding, but no
> interactive login shells from internet users?
>
yes
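
The requirement clarified above (port forwarding but no interactive shell for Internet clients, logins for intranet admins), sketched as an sshd_config fragment. This is an added example, not part of the original thread; the intranet range 192.0.2.0/24 and the group name admins are assumed placeholders, and foo_server:4444 is taken from the ssh -L command quoted above.

```sshd_config
# Added example for /etc/ssh/sshd_config (not from the thread).
# Assumptions: intranet = 192.0.2.0/24, admin group = "admins".
# Match blocks go at the end of the file; each runs until the next Match.

# Clients connecting from anywhere except the intranet:
# they may authenticate, but only to open a local forward to one target.
Match Address *,!192.0.2.0/24
    # Allow "ssh -N -L 4444:foo_server:4444 ..." and nothing else
    AllowTcpForwarding local
    PermitOpen foo_server:4444
    # No terminal, and any requested shell or command exits immediately
    PermitTTY no
    ForceCommand /bin/false
    # Close the other channels a session could use
    X11Forwarding no
    AllowAgentForwarding no
    PermitTunnel no

# Clients connecting from the intranet:
# normal logins, restricted to members of the admin group.
Match Address 192.0.2.0/24
    AllowGroups admins
```

Check the file with `sshd -t` before reloading, and use `sshd -T -C user=NAME,host=HOST,addr=ADDRESS` to print the settings that would apply to a given connection.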