Allow SSH but deny Tunnel - BSD

This is a discussion on Allow SSH but deny Tunnel - BSD ; Hello, is it possible at FreeBSD (OpenSSH) to allow users login to console via ssh but deny users to build up an ssh tunnel via argument "-L" or "-D". Best Regards Marc...

+ Reply to Thread
Results 1 to 4 of 4

Thread: Allow SSH but deny Tunnel

  1. Allow SSH but deny Tunnel

    Hello,

    is it possible at FreeBSD (OpenSSH) to allow users login to console via
    ssh but deny users to build up an ssh tunnel via argument "-L" or "-D".

    Best Regards Marc

  2. Re: Allow SSH but deny Tunnel

    Marc Freimann wrote:

    > is it possible at FreeBSD (OpenSSH) to allow users login to console via
    > ssh but deny users to build up an ssh tunnel via argument "-L" or "-D".


    see 'AllowTcpForwarding' in '/etc/ssh/sshd_config'

    HTH, Helmut

    --
    No Swen today, my love has gone away
    My mailbox stands for lorn, a symbol of the dawn

  3. Re: Allow SSH but deny Tunnel

    Am Mon, 28 Jan 2008 13:31:07 +0100 schrieb Helmut Schneider:

    > Marc Freimann wrote:
    >
    >> is it possible at FreeBSD (OpenSSH) to allow users login to console via
    >> ssh but deny users to build up an ssh tunnel via argument "-L" or "-D".

    >
    > see 'AllowTcpForwarding' in '/etc/ssh/sshd_config'
    >
    > HTH, Helmut


    Hello Helmut,

    thank you for this information.

    I forgot a very important detail. Is it possible to do it user based.
    For example I want to deny this ssh tunnel only for frank and hans.

    Best Regards Marcus

  4. Re: Allow SSH but deny Tunnel

    Marc Freimann wrote:
    > Am Mon, 28 Jan 2008 13:31:07 +0100 schrieb Helmut Schneider:
    >
    >> Marc Freimann wrote:
    >>
    >>> is it possible at FreeBSD (OpenSSH) to allow users login to console via
    >>> ssh but deny users to build up an ssh tunnel via argument "-L" or "-D".

    >>
    >> see 'AllowTcpForwarding' in '/etc/ssh/sshd_config'

    >
    > I forgot a very important detail. Is it possible to do it user based.
    > For example I want to deny this ssh tunnel only for frank and hans.


    See 'match' in 'man sshd_config'

    --
    No Swen today, my love has gone away
    My mailbox stands for lorn, a symbol of the dawn

+ Reply to Thread