Secure Shell
Re: Port forwarding and access restriction Feb 01 2010 08:10PM
Michael Goffioul (michael goffioul lincor com) (1 replies)
Hi Izak,

Thanks for your answer, but I think I didn't make myself clear enough
(or I simply didn't understand your answer, which is still possible...).
I don't want to restrict access to SSH logins, I want to restrict access
to a local port forwarding. Here's the complete story.

I have a server A that can SSH to a computer B. On B, I have a VNC
service running that I want to make available to a 3rd-party user. To do
that, I create an SSH tunnel from A to B, forwarding the port 36725 on A
to the port 5900 on B, making the local port on A accessible from the
outside world:

ssh -L *:36725:localhost:5900 user@B

Now the user uses a VNC client to connect to A:36725. What I'd like to
know is whether I can impose access restriction on A:36725, for instance
by limiting the number of accepted connections.

In your answer, you mention settings in sshd_config. These are for the
SSH daemon, right? Do these also apply to the SSH client that is doing
port forwarding?

Thanks.
Michael.
Max Jaxon wrote:
> Hi Michael,
>
>
> Limit User Logins
>
> SSH logins can be limited to only certain users who need remote
> access. If you have many user accounts on the system then it makes
> sense to limit remote access to only those that really need it thus
> limiting the impact of a casual user having a weak password. Add an
> AllowUsers line followed by a space separated list of usernames to
> /etc/ssh/sshd_config. For example:
>
> AllowUsers alice bob
> and then restart the daemon.
>
>
> Kind Regards,
>
>
> Izak
>
>
>
>
>
> On Fri, Jan 29, 2010 at 12:06 PM, Michael Goffioul
> <michael.goffioul (at) lincor (dot) com> wrote:
>
> Hi,
>
> When creating a local port forwarding with SSH (using the -L
> command flag), is
> it possible to limit the number of clients that will be able to
> connect to the
> local port?
>
> Let's say I do:
>
> ssh -L 0.0.0.0:36725:localhost:7777 user@hostname
>
> Can I limit the number of accepted clients on port 36725?
>
> Thanks.
> Michael.
>
>
> --
> Michael Goffioul
> Software Engineer
>
> Lincor Solutions Ltd.
> Unit 6
> Cork Technology Park, Model Farm Road, Cork
>
> Tel: +353 21 4941618
> Fax: +353 21 4342400
> E-mail: michael.goffioul (at) lincor (dot) com
> Web: http://www.lincor.com
>
>
>
>
> --
> Met vriendelijke groet/ Kind Regards,
>
> Izak Schipper MCSE Security+,CWNA,CCNA,C|PTS,C|EH,CISSP
>
> Infrastructure Security Specialist
>
> Tel: +31 (0) 6 3850 63 26
>

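Added example, not part of the original thread and not written by either poster: one way to get the restriction asked about above is to bind the forward to loopback on A (ssh -L 127.0.0.1:15900:localhost:5900 user@B) and expose port 36725 through a small relay that caps concurrent clients and can filter by source address. The loopback port 15900 and the names serve and pump are assumptions made for illustration.

```python
import socket
import threading

def pump(src, dst):
    """Copy bytes one way until EOF or error, then tear down both sockets."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
    except OSError:
        pass
    finally:
        for s in (src, dst):
            try:
                s.shutdown(socket.SHUT_RDWR)
            except OSError:
                pass
            s.close()

def serve(listen_addr, target_addr, max_clients=1, allowed=None):
    """Relay to target_addr for at most max_clients peers, optionally only from IPs in allowed."""
    slots = threading.BoundedSemaphore(max_clients)
    srv = socket.create_server(listen_addr)
    def handle(client):
        try:
            upstream = socket.create_connection(target_addr)
            back = threading.Thread(target=pump, args=(upstream, client), daemon=True)
            back.start()
            pump(client, upstream)   # returns when either side hangs up
            back.join()
        except OSError:
            client.close()           # tunnel not up: drop the client
        finally:
            slots.release()          # free the slot for the next client
    def accept_loop():
        while True:
            try:
                client, peer = srv.accept()
            except OSError:
                return               # listening socket was closed
            if (allowed and peer[0] not in allowed) or not slots.acquire(blocking=False):
                client.close()       # wrong source address or no free slot
                continue
            threading.Thread(target=handle, args=(client,), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv

if __name__ == "__main__":
    # Assumed setup: the ssh -L forward on A listens on 127.0.0.1:15900 only.
    serve(("0.0.0.0", 36725), ("127.0.0.1", 15900), max_clients=1)
    threading.Event().wait()
```
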
Re: Port forwarding and access restriction Feb 02 2010 10:20PM
Derek Martin (code pizzashack org)


 

Copyright 2010, SecurityFocus