[lugm.org] SSH Tunneling vs VPN
Keshwarsingh Nadan
Keshwarsingh.Nadan at servihoo.net
Tue May 19 19:18:05 UTC 2015
"Is there any way to create a very limited user on linux for this purpose?²
Your can accomplish your wishes by following;
http://olivier.sessink.nl/jailkit/index.html#intro
Regards,
K
On 5/18/15, 20:09, "Yuv Joodhisty" <locustv2 at gmail.com> wrote:
> What do you mean by a jailkit Keshwarsingh?
>
> @Loganaden - actually its just a ubuntu server running on my VM and im using
> putty on windows to ssh to the server. everything works until i add the
> PermitTTY 0 to my sshd config and putty cant open the ssh connection.
>
> On Mon, May 18, 2015 at 1:42 PM, Keshwarsingh Nadan
> <Keshwarsingh.Nadan at servihoo.net> wrote:
>> And who is "puffy software" ?
>>
>> Sent from my iPhone
>>
>> On May 18, 2015, at 12:08, Loganaden Velvindron <gnukid1 at yahoo.co.uk> wrote:
>>
>>> Is this a server in production ?
>>>
>>> I can answer this question through my own company (Puffy software).
>>>
>>>
>>>
>>> On Monday, 18 May 2015, 10:29, Yuv Joodhisty <locustv2 at gmail.com> wrote:
>>>
>>>
>>> Hey guys,
>>>
>>> I looked at your suggested methods and it seems that the PermitTTY is a much
>>> cleaner solution.
>>>
>>> I just tried using this method by adding a group 'sshusers' which then i
>>> allowed using AllowGroups sshusers followed by PermitTTY 0.
>>> When i try to ssh using this config, i am getting a connection error. It
>>> doesn't even prompt for the user's password. Any idea?
>>>
>>> Also how can i have PermitTTY 0 for only a specific group while the rest can
>>> run a shell?
>>>
>>> Thanks
>>> Yuv
>>>
>>> On Fri, May 15, 2015 at 8:15 PM, Keshwarsingh Nadan
>>> <Keshwarsingh.Nadan at servihoo.net> wrote:
>>>> Chroot ? Much better?
>>>>
>>>> Sent from my iPhone
>>>>
>>>> On May 15, 2015, at 20:09, Loganaden Velvindron <gnukid1 at yahoo.co.uk>
>>>> wrote:
>>>>
>>>>> Dear Yuv,
>>>>>
>>>>> Please set a User/Match rule in sshd for this user and disable PTY
>>>>> allocation using:
>>>>>
>>>>> PermitTTY 0.
>>>>>
>>>>> No TTY allocation doesn't allow a user to run a shell. He can only tunnel
>>>>> :)
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Thursday, 14 May 2015, 14:01, Yuv Joodhisty <locustv2 at gmail.com> wrote:
>>>>>
>>>>>
>>>>> I prefer SSH Tunneling also and it is easier to configure than a VPN.
>>>>>
>>>>> But i have some question though. Let's say you have a small server and
>>>>> other users need to access it via ssh tunneling. Is there any way to
>>>>> create a very limited user on linux for this purpose? A user who cannot do
>>>>> any root commands, sudo su, etc.., or even cannot do anything at all. I
>>>>> don;t know much about user administration on linux.
>>>>>
>>>>> Thanks
>>>>> Yuv
>>>>>
>>>>> On Thu, May 7, 2015 at 10:24 AM, selven <pcthegreat at gmail.com> wrote:
>>>>>> I prefer to do tunneling via ssh that to fiddle with anything vpn, though
>>>>>> i don't do these for users. Mostly for private use.
>>>>>>
>>>>>> On Wed, May 6, 2015 at 8:04 PM, Yuv Joodhisty <locustv2 at gmail.com> wrote:
>>>>>>> Hey guys, what do you think about SSH Tunneling, a.k.a Poor Techie's VPN
>>>>>>> vs VPN. Anyone here got experience in using any of these want to share
>>>>>>> some thoughts?
>>>>>>>
>>>>>>> Regards
>>>>>>> Yuv
>>>>>>>
>>>>>>> __________________________________________________________
>>>>>>> Linux User Group of Mauritius (LUGM) Discuss mailing list
>>>>>>> Website: http://lugm.org <http://lugm.org/>
>>>>>>> Mailing list archive:
>>>>>>> http://discuss.lugm.org/pipermail/discuss_discuss.lugm.org/
>>>>>>> Forum: http://lugm.org/forum/
>>>>>>> IRC: #linux.mu <http://linux.mu/> on Freenode
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Pirabarlen Cheenaramen | $3|v3n
>>>>>> L'escalier
>>>>>> mobile: +230 549 24 918
>>>>>> <mailto:god at hackers.mu>
>>>>>> blog <http://thegodof.net/> || fb <http://godify.me/> || pgp
>>>>>> <http://hackers.mu/pgpselven.txt>
>>>>>> /*memory is like prison*/
>>>>>> (user==selven)?free(user):user=malloc(sizeof(brain));
>>>>>> P Save electricity & disk space. Cat this mail to >/dev/null 2>&1 after
>>>>>> use.
>>>>>>
>>>>>> __________________________________________________________
>>>>>> Linux User Group of Mauritius (LUGM) Discuss mailing list
>>>>>> Website: http://lugm.org <http://lugm.org/>
>>>>>> Mailing list archive:
>>>>>> http://discuss.lugm.org/pipermail/discuss_discuss.lugm.org/
>>>>>> Forum: http://lugm.org/forum/
>>>>>> IRC: #linux.mu <http://linux.mu/> on Freenode
>>>>>
>>>>>
>>>>> __________________________________________________________
>>>>> Linux User Group of Mauritius (LUGM) Discuss mailing list
>>>>> Website: http://lugm.org <http://lugm.org/>
>>>>> Mailing list archive:
>>>>> http://discuss.lugm.org/pipermail/discuss_discuss.lugm.org/
>>>>> Forum: http://lugm.org/forum/
>>>>> IRC: #linux.mu <http://linux.mu/> on Freenode
>>>>>
>>>>>
>>>>> __________________________________________________________
>>>>> Linux User Group of Mauritius (LUGM) Discuss mailing list
>>>>> Website: http://lugm.org <http://lugm.org/>
>>>>> Mailing list archive:
>>>>> http://discuss.lugm.org/pipermail/discuss_discuss.lugm.org/
>>>>> Forum: http://lugm.org/forum/
>>>>> IRC: #linux.mu <http://linux.mu/> on Freenode
>>>>
>>>> __________________________________________________________
>>>> Linux User Group of Mauritius (LUGM) Discuss mailing list
>>>> Website: http://lugm.org <http://lugm.org/>
>>>> Mailing list archive:
>>>> http://discuss.lugm.org/pipermail/discuss_discuss.lugm.org/
>>>> Forum: http://lugm.org/forum/
>>>> IRC: #linux.mu <http://linux.mu/> on Freenode
>>>
>>>
>>>
>>> __________________________________________________________
>>> Linux User Group of Mauritius (LUGM) Discuss mailing list
>>> Website: http://lugm.org
>>> Mailing list archive:
>>> http://discuss.lugm.org/pipermail/discuss_discuss.lugm.org/
>>> Forum: http://lugm.org/forum/
>>> IRC: #linux.mu <http://linux.mu> on Freenode
>>
>> __________________________________________________________
>> Linux User Group of Mauritius (LUGM) Discuss mailing list
>> Website: http://lugm.org
>> Mailing list archive:
>> http://discuss.lugm.org/pipermail/discuss_discuss.lugm.org/
>> Forum: http://lugm.org/forum/
>> IRC: #linux.mu <http://linux.mu> on Freenode
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://discuss.lugm.org/pipermail/discuss_discuss.lugm.org/attachments/20150519/8cdff5a8/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5897 bytes
Desc: not available
URL: <http://discuss.lugm.org/pipermail/discuss_discuss.lugm.org/attachments/20150519/8cdff5a8/attachment.p7s>
More information about the Discuss
mailing list