How to setup accounts with SSH connection rights only

I want to setup cygwin sshd on an SBS2003 server, to allow users to log
on to their workstations. What I don't want however is for the users to
log on with their SBS domain credentials.

I want them to log on with totally unprivileged accounts, which are
either cygwin only accounts that are not present in the Windows
accounts, or Windows accounts that are not part of the domain and have
only the minimum privileges required for them to log on to ssh and
forward their connections to their desktops.

I don't even want them to have the rights to amend their ssh keys by
running ssh_keygen after the logon to ssh or even see them, unless I
permit it.

How do I go about this?

Prof Chen

>>>>> "PC" == professor chen writes:

PC> I want to setup cygwin sshd on an SBS2003 server, to allow users
PC> to log on to their workstations. What I don't want however is for
PC> the users to log on with their SBS domain credentials.

If you allow publickey only, this will happen, since the server needs the
password (or Kerberos/NTLM via GSSAPI) to obtain domain credentials.

PC> I don't even want them to have the rights to amend their ssh keys
PC> by running ssh_keygen after the logon to ssh or even see them,
PC> unless I permit it.

The "or even see them" part doesn't make sense, since in order to log in
with publickey they must have the private keys, from which one can always
derive the public components.

--
Richard Silverman
res@qoxp.net

How to setup accounts with SSH connection rights only - SSH

Thread: How to setup accounts with SSH connection rights only

LinkBack

Tools

How to setup accounts with SSH connection rights only

Re: How to setup accounts with SSH connection rights only