[lugm.org] SSH Tunneling vs VPN

Keshwarsingh Nadan Keshwarsingh.Nadan at servihoo.net
Tue May 19 19:18:05 UTC 2015 

"Is there any way to create a very limited user on linux for this purpose?²

Your can accomplish your wishes by following;

http://olivier.sessink.nl/jailkit/index.html#intro

Regards,
K

On 5/18/15, 20:09, "Yuv Joodhisty" <locustv2 at gmail.com> wrote:

> What do you mean by a jailkit Keshwarsingh?
> 
> @Loganaden - actually its just a ubuntu server running on my VM and im using
> putty on windows to ssh to the server. everything works until i add the
> PermitTTY 0 to my sshd config and putty cant open the ssh connection.
> 
> On Mon, May 18, 2015 at 1:42 PM, Keshwarsingh Nadan
> <Keshwarsingh.Nadan at servihoo.net> wrote:
>> And who is "puffy software" ?
>> 
>> Sent from my iPhone
>> 
>> On May 18, 2015, at 12:08, Loganaden Velvindron <gnukid1 at yahoo.co.uk> wrote:
>> 
>>> Is this a server in production ?
>>> 
>>> I can answer this question through my own company (Puffy software).
>>> 
>>> 
>>> 
>>> On Monday, 18 May 2015, 10:29, Yuv Joodhisty <locustv2 at gmail.com> wrote:
>>> 
>>> 
>>> Hey guys, 
>>> 
>>> I looked at your suggested methods and it seems that the PermitTTY is a much
>>> cleaner solution.
>>> 
>>> I just tried using this method by adding a group 'sshusers' which then i
>>> allowed using AllowGroups sshusers followed by PermitTTY 0.
>>> When i try to ssh using this config, i am getting a connection error. It
>>> doesn't even prompt for the user's password. Any idea?
>>> 
>>> Also how can i have PermitTTY 0 for only a specific group while the rest can
>>> run a shell?
>>> 
>>> Thanks
>>> Yuv
>>> 
>>> On Fri, May 15, 2015 at 8:15 PM, Keshwarsingh Nadan
>>> <Keshwarsingh.Nadan at servihoo.net> wrote:
>>>> Chroot ? Much better?
>>>> 
>>>> Sent from my iPhone
>>>> 
>>>> On May 15, 2015, at 20:09, Loganaden Velvindron <gnukid1 at yahoo.co.uk>
>>>> wrote:
>>>> 
>>>>> Dear Yuv,
>>>>> 
>>>>> Please set a User/Match rule in sshd for this user and disable PTY
>>>>> allocation using:
>>>>> 
>>>>> PermitTTY 0.
>>>>> 
>>>>> No TTY allocation doesn't allow a user to run a shell. He can only tunnel
>>>>> :)
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> On Thursday, 14 May 2015, 14:01, Yuv Joodhisty <locustv2 at gmail.com> wrote:
>>>>> 
>>>>> 
>>>>> I prefer SSH Tunneling also and it is easier to configure than a VPN.
>>>>> 
>>>>> But i have some question though. Let's say you have a small server and
>>>>> other users need to access it via ssh tunneling. Is there any way to
>>>>> create a very limited user on linux for this purpose? A user who cannot do
>>>>> any root commands, sudo su, etc.., or even cannot do anything at all. I
>>>>> don;t know much about user administration on linux.
>>>>> 
>>>>> Thanks
>>>>> Yuv
>>>>> 
>>>>> On Thu, May 7, 2015 at 10:24 AM, selven <pcthegreat at gmail.com> wrote:
>>>>>> I prefer to do tunneling via ssh that to fiddle with anything vpn, though
>>>>>> i don't do these for users. Mostly for private use.
>>>>>> 
>>>>>> On Wed, May 6, 2015 at 8:04 PM, Yuv Joodhisty <locustv2 at gmail.com> wrote:
>>>>>>> Hey guys, what do you think about SSH Tunneling, a.k.a Poor Techie's VPN
>>>>>>> vs VPN. Anyone here got experience in using any of these want to share
>>>>>>> some thoughts?
>>>>>>> 
>>>>>>> Regards
>>>>>>> Yuv
>>>>>>> 
>>>>>>> __________________________________________________________
>>>>>>> Linux User Group of Mauritius (LUGM) Discuss mailing list
>>>>>>> Website: http://lugm.org <http://lugm.org/>
>>>>>>> Mailing list archive:
>>>>>>> http://discuss.lugm.org/pipermail/discuss_discuss.lugm.org/
>>>>>>> Forum: http://lugm.org/forum/
>>>>>>> IRC: #linux.mu <http://linux.mu/>  on Freenode
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> -- 
>>>>>> Pirabarlen Cheenaramen | $3|v3n
>>>>>> L'escalier
>>>>>> mobile: +230 549 24 918
>>>>>>  <mailto:god at hackers.mu>
>>>>>> blog <http://thegodof.net/>  || fb <http://godify.me/>  || pgp
>>>>>> <http://hackers.mu/pgpselven.txt>
>>>>>> /*memory is like prison*/
>>>>>> (user==selven)?free(user):user=malloc(sizeof(brain));
>>>>>> P Save electricity & disk space. Cat this mail to >/dev/null 2>&1 after
>>>>>> use.
>>>>>> 
>>>>>> __________________________________________________________
>>>>>> Linux User Group of Mauritius (LUGM) Discuss mailing list
>>>>>> Website: http://lugm.org <http://lugm.org/>
>>>>>> Mailing list archive:
>>>>>> http://discuss.lugm.org/pipermail/discuss_discuss.lugm.org/
>>>>>> Forum: http://lugm.org/forum/
>>>>>> IRC: #linux.mu <http://linux.mu/>  on Freenode
>>>>> 
>>>>> 
>>>>> __________________________________________________________
>>>>> Linux User Group of Mauritius (LUGM) Discuss mailing list
>>>>> Website: http://lugm.org <http://lugm.org/>
>>>>> Mailing list archive:
>>>>> http://discuss.lugm.org/pipermail/discuss_discuss.lugm.org/
>>>>> Forum: http://lugm.org/forum/
>>>>> IRC: #linux.mu <http://linux.mu/>  on Freenode
>>>>> 
>>>>> 
>>>>> __________________________________________________________
>>>>> Linux User Group of Mauritius (LUGM) Discuss mailing list
>>>>> Website: http://lugm.org <http://lugm.org/>
>>>>> Mailing list archive:
>>>>> http://discuss.lugm.org/pipermail/discuss_discuss.lugm.org/
>>>>> Forum: http://lugm.org/forum/
>>>>> IRC: #linux.mu <http://linux.mu/>  on Freenode
>>>> 
>>>> __________________________________________________________
>>>> Linux User Group of Mauritius (LUGM) Discuss mailing list
>>>> Website: http://lugm.org <http://lugm.org/>
>>>> Mailing list archive:
>>>> http://discuss.lugm.org/pipermail/discuss_discuss.lugm.org/
>>>> Forum: http://lugm.org/forum/
>>>> IRC: #linux.mu <http://linux.mu/>  on Freenode
>>> 
>>> 
>>> 
>>> __________________________________________________________
>>> Linux User Group of Mauritius (LUGM) Discuss mailing list
>>> Website: http://lugm.org
>>> Mailing list archive:
>>> http://discuss.lugm.org/pipermail/discuss_discuss.lugm.org/
>>> Forum: http://lugm.org/forum/
>>> IRC: #linux.mu <http://linux.mu>  on Freenode
>> 
>> __________________________________________________________
>> Linux User Group of Mauritius (LUGM) Discuss mailing list
>> Website: http://lugm.org
>> Mailing list archive:
>> http://discuss.lugm.org/pipermail/discuss_discuss.lugm.org/
>> Forum: http://lugm.org/forum/
>> IRC: #linux.mu <http://linux.mu>  on Freenode
> 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://discuss.lugm.org/pipermail/discuss_discuss.lugm.org/attachments/20150519/8cdff5a8/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5897 bytes
Desc: not available
URL: <http://discuss.lugm.org/pipermail/discuss_discuss.lugm.org/attachments/20150519/8cdff5a8/attachment.p7s>

More information about the Discuss mailing list