I'd rather have a true noshell than a shell that simply hangs for security reasons) (this one would technically work, but the shell is simply a sleep command that runs for a very long time, and I'm worried about it being escaped. Related questions I found but do not quite fit: Create SOCKS tunnels with PuTTY and nologin

If I try to set up the proxy in the SSH options for remote commands, it still doesn't run unless I allow a shell or other commands in the options. If I specify the "no shell or command" argument in the SSH settings, the proxy options don't seem to get set up. When PuTTY opens a tunnel through the default tunneling options, it has to open a shell which immediately disconnects upon login since the user has a /bin/false shell. If a regular ssh client is used, I can set the user shell to /bin/false and the user can specify the -N command when setting up the SOCKS proxy, but unfortunately for PuTTY users this doesn't seem to work (at least I couldn't get it working).

I have looked at all the methods for setting up a SOCKS proxy with user accounts having things like /bin/false etc., but either

a) they assume only a single port or host is being forwarded (whereas in this case I have a set of VPS instances that will change on demand in networking configs), or

b) that a regular SSH client is in use rather than something like PuTTY (as much as I would love to force all the students to use a VM or install Linux directly, that is not quite an option as the school uses PuTTY on their engineering hardware for student use).

I am looking to eventually set up a full VPN, but in this case it's simply to allow access to certain machines with an IP whitelist, rather than full internal network access. The proxy server is a CentOS 6.4 box, with SELinux enabled, and will not be running any other services besides the proxy.

Well now that I am expanding and trying to get students at my local universities involved to expand their projects, they are going to need to start accessing some of these internal pages. So I have been using SSH tunnels to restrict access to internal sites or portions of public sites for a while now, and since only admins had SSH access at all I've been using standard non-root/sudo user accounts.