Ubuntu Servers :: Restrict Users To Only SSH Tunnel - No Shell?
Jul 21, 2011
I have an Ubuntu 11.04 instance running on Amazon EC2. I am currently using it as an SSH tunnel/SOCKS proxy. Most of my Net activity is on a Windows 7 machine running PuTTY. This setup is working very well. So well that a few of my friends have expressed interest in accessing it. Question is, how do I share this proxy, without giving away my private key and root access? I would like to limit users to only being able to set up an SSH tunnel/SOCKS proxy, with no shell access. What other security measures would you recommend for such a setup? I googled a bit and saw references to rbash and chroot. I have already changed the SSH port, and set the EC2 firewall to allow inbound SSH only from my ISP's address range. My friends use the same ISP. They would probably be running Windows 7/Vista, and PuTTY too.
View 4 Replies
ADVERTISEMENT
Apr 30, 2010
I have Ubuntu Server 9.10 running with vsftpd and I want to restrict users from uploading certain file types (.exe, .avi) ect.. Is this possible?
View 1 Replies
View Related
Feb 25, 2010
I was planning on using my VPS to grant some of my friends shells. The problem though is that I don't want them doing crazy stuff on it, like using up all my RAM or disk space. I would like to limit them to a very small 25 mb disk space, and allow them only certain application in /usr/bin like python perl irssi screen etc. I do NOT want them to be able to cd out of their home directory. I really want this to be setup like the shell provider SHellium. I can setup the FTP and SSH stuff myself.
View 3 Replies
View Related
Apr 14, 2010
I've installed Ubuntu Desktop Ed 9 and I want to add a user account that would be very restricted. I would only want them to access the internet and run several programs. I do not want them to have access to the destkop, anything under preferences, administration etc... Is this possible?
View 1 Replies
View Related
May 3, 2011
I was just wondering how do i restrict someone from entering other files. Like other peoples files & the system files. My users are in /home/. I am running ubuntu 10.10.So how do i restrict access to other folders. Because i dont want other people looking inside others files or messing up my linux files.
View 3 Replies
View Related
Jun 22, 2011
While I successfully configured an IPsec-VPN (I use a similar tho modified setup like this:[URL].. I am now stuck on the next steps. While I can connect to everything I want, I need to configure "access-groups" and/or "users".
The scenario is similar to this: Lets say Host A, B and C allow SSH-Connections and some weird non-standard UDP-Connection from Host-VPN, and are also accessible on other ports with public IP's (like http).
I now want to limit, that an admin-user has access to all of them, while trainee-admin only can access everything on Host B and C, and CEO only can connect via telnet to Host C - and all users can be roadwarriors
(I made this example up to give you an idea what i'm trying to do - hope it makes sense). Now my question is, if someone can point me towards a direction, as I'm quite clueless at the current moment as to what to try. I know that commercial IPsec-Implementations can do this, but can OpenSWAN/... give me something similar?
View 1 Replies
View Related
Mar 12, 2011
I need a to allow a user to tunnel an ssh session but disallow them a bash shell. # chsh -s /sbin/nologin {username} won't cut it...? would permissions be the way to go with it? But how? Setup a group and add the user to that group? Or add all other users to that group... I'm confused
View 3 Replies
View Related
Jul 9, 2010
I am trying to have the SSH tunnel Remote forwarding command in a shell script. I should be able to do 2 tasks, but unable to get that going.1) I have 3 servers Server 1, Server 2, Server 3.I have my Database running on Server 1 and my script running on Server 2 which should be able to do port forwarding from Server 1 to Server 3.so for example on Server 2ssh -i $ssh_key -R 9000:Server1:3333 root@Server2.
I need to be able to stick this in a shell script something like
getTunnel()
{
[code]...
View 1 Replies
View Related
Dec 16, 2010
How would i go about restricting users to there home dir in sftp and in ssh so that they can not go poking about other dir and files thats above there home dir ?Operating systemCentOS Linux 5.4 Kernel and CPULinux 2.6.18-194.8.1.el5.028stab070.5PAE on i686
Also it will have to be a low resource usage as i dont have much memory on it
View 3 Replies
View Related
Jun 20, 2011
Is it possible to restrict users with 'sudo' from accessing certain directories? Rather than just exclude cd and ls from the sudo privileges, that is.
View 5 Replies
View Related
Oct 22, 2009
I want restrict telnet session to users.
That means the client login one user at a time. not multiple login.
For example:
I want restrict this. How to restrict one user to use multiple login.
View 4 Replies
View Related
Jul 1, 2010
I'd like to restricting my ftp users to access 1 particular folder.
we have a root folder called /home everyone has aces to that so they can operate.
but then there is /home/config how can i restrict certain users from access /config folder, since this is containing sensitive files I would like for no one else but my self to be able to access it.
View 3 Replies
View Related
Mar 16, 2011
How to prevent a user sending a mail to a particular user in an intranet mail server?I tried with /etc/mail/access file but could not.
View 4 Replies
View Related
May 11, 2010
I want the users to access servers via ssh public key only. By default they don't know their initial password and do need to change that when performing administrative tasks.For changing their passwords without knowing the old they need to switch to root for this special case.The only case it seems I don't have control is that users can not only change their password but also the password of other peoples. Does someone sees a solution (without apparmor/selinux and special /usr/bin/passwd.sh) to restrict users to only change their password?I miss the feature of using environment variables in sudoers file.
View 9 Replies
View Related
Feb 11, 2010
I have a debian-based ftp server running that I have created a few user accounts on. I will have clients uploading files to the server via ftp soon, and I need a way to restrict their access to only their home folders. I am not familiar with chroot, but from what I read, it can be used to restrict a user to their home folder, and that sounds perfect. How can I do this?
View 4 Replies
View Related
Oct 30, 2009
Is it possible in Linux to restrict POP3 or IMAP for particular users.I need a confirmation on this, that it is possible or not in Linux.
View 3 Replies
View Related
May 26, 2010
I am not sure whether it's possible or not. We running squid proxy server for our office. We restrict users using ACL to access the internet. There is some who do the followings:
1. Create a own proxy in there box who has the internet access.
2. Other users use those box as proxy and access to the internet.
View 3 Replies
View Related
May 28, 2011
How to restrict users to send mail to outside domains in qmail server, i have centos and qmail installed
View 14 Replies
View Related
Apr 22, 2010
I want to know is it possible in Sendmail to restrict some users from sending / receiving mail to / from outside world i.e. they should be able to send and receive mails only from local domain.
View 4 Replies
View Related
Feb 17, 2010
I have one Linux PC installed with Suse 11.1. In this I have created three users to get access.
Users able access their login from Windows PC via some utilities.
1. Putty
2. Xming
Users able login using both. With Putty there is no GUI. But with Xmings XLaunch they are able to get similar session as Linux Host PC. At this point of time the host linux PC will become too slow in perfarmance.
How to retrict the users not to open similar session by enablin/disabling some setting in Linux PC?
View 2 Replies
View Related
Aug 6, 2011
I have configured rssh 2.3 with openssh 5.8 on RHEL 5.6 64 bit to restrict the users to scp and sftp. When i try to sftp or scp it gives error connection closed. After long googling tried different solutions like add missing libraries, setuid to rssh_helper. I had full copy of /lib to /chroot/lib and /chroot/lib64 but no success. conf and log files are below for reference.
[Code]...
View 1 Replies
View Related
Jan 12, 2010
Hi, I have a server at my home which is a Ubuntu 9.1 which is setup as a NFS server using NFS v3. I am also using DYN DNS to access my home server remotely from another location using SSH. Everything works good, I can sucessfully log in to my server from my laptop via SSH, however my problem mounting my NFS share which consists of appx. 300 mp3 files. My question is:
1 How Do I Tunnel a NFS share through a SSH tunnel?
2 Is there any other configuration? needed to be done to the router?
3 is there anything needed to be configured to the server or my laptop?
4 Manual mounts is fine for me I don't care about automounting.
I just want to be able to mount the NFS share via the SSH Tunnel and play my music and access other files from my server.I just need the steps to set up this connection.
View 2 Replies
View Related
Aug 9, 2010
I know this has probably been solved multiple times, but I've searched the forum to no avail. I have a PPTP server setup properly with all ports forwarded correctly. A remote machine can connect and authenticate just fine. They get their IP assigned and everything.
The problem is that no traffic is being routed through the tunnel. Or, rather it is but the server doesn't seem to handle it. In a web browser I just get an error message. On a windows client I ran ipconfig and found a gateway address had not been assigned through the VPN tunnel. Could this be the problem? If so, how can I fix it?
View 1 Replies
View Related
Jan 11, 2011
Does anyone know the best and simplest way to do this? I'd like the share to be mounted over the tunnel on boot with as little scripting as possible and be as secure as possible without exposing more than one port to the outside. I will be trying this method: [URL]... once the tunnel is established and 'always on' NFS would take care of the file system mount obviously. Lots of the information I have been reading is not up to date it seems. Does anyone have any experience with this?
View 1 Replies
View Related
Oct 7, 2010
I'm running Ubuntu Server 10.04 32-bit.I'm looking to find if there is anyway I can lock down ubuntu so that remote access, whether it be SSH, ftp, apache.etc can be only accessed from a certain IP range, or a certain set of IPs?Essentially, we'll say the Server IP is 192.168.1.32, and I want the IP addresses 192.168.1.33-50 to be able to access the server, but no other IPs.I am in a switched environment, router's are not allowed to be placed on the network, and I do not have access to a DNS or DHCP server.Is there a way to do this in on the server via a configuration of some sort?
View 3 Replies
View Related
Nov 23, 2010
If I want to add Windows & Mac users as Samba users, must I first add them all as Ubuntu users? If so, since none of the other users will actually be working on the Ubuntu Server, how do I disable the other non-admin users on the Ubuntu Server login screen. I am using Webmin to administer some server settings, and command line for others.
View 3 Replies
View Related
Apr 12, 2010
I will mount a nfs share on a client with fstab. Is there a way to don't allow some users accessto that folder ?
View 4 Replies
View Related
Feb 3, 2011
I have an Ubuntu VPS running 10.10 x86_64
This is what is in my /etc/network/interfaces right now.
Code:
auto eth0
iface eth0 inet static
address 67.202.x.x
gateway 67.202.x.1
netmask 255.255.255.0
auto lo
iface lo inet loopback
My server.conf
code....
I can get the VPN server running and everything connects fine from the client. I just don't know how to tunnel all the traffic through the VPS because it involves making the bridge which I'm having trouble with. What exactly am I supposed to put in /etc/network/interfaces?
View 1 Replies
View Related
May 25, 2011
I've setup a FTP server in OpenSUSE 11.1 with KDE 3.5.x. (Pure-ftpd) But when I connect with an user to the FTP server I can browse to all folders on the OPENSUSE system, how can I setup one folder for all users and restrict the FTP connection to that folder only??
View 1 Replies
View Related
Jan 2, 2010
I've been searched for the related topic, but i couldn't found any of them. Basically, i want to set up a server to restrict internet access for other computer (windows box), but allow internet connection for kaspersky to download its database. Here are some questions:
1. Do i need two network card at the server box?
2. There are 8 computers but only 2 are allowed all internet connection, 6 of the rest are not allowed, all windows box can accept connection to download database from kaspersky.
3. Is it Iptables the best, easiest way to configure?
View 4 Replies
View Related
