Configure SSH to allow port forwarding but no commands for particular key?

ssh security

Solution 1:

You have to add no-pty,command="/bin/false" keyword before your key so it will look like this:

no-pty,command="/bin/false" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABBACzbcwCZNaN3HhHmpnaVrfZlNJ0HhPnOqEj
k2llms1OOPnEXetIlZuJw0UXbyMbhQbBl/E2wxXvXvF+jyLRR5yN6kBydM4LhjC0ej0PcH839vXd
uwJpDFjPw3s7r0VOhU1WRyk6Da6rX6shzabhQioIm3MHCjNOdywPb0k1cTj4yOxoOCOqGjmXK0
xxzTd+ZjTJqQGWzZ+8L8cVtKmU8kspYlCdhGWSv0Den36OsScnWTBn8A3X3lVJB5NkEm
BM1yKX4F6BhhD317VensEUu031PtFULeSF97IxDPmK36OFz9TPSf4d8Hp3BqtysqUlbWfEhYdHXj
+1Mn4xXZKiZhBh1DX youruser@yourhome

(This is all in a single line, I added the line breaks for readability).

Solution 2:

man sshd

Section AUTHORIZED_KEYS FILE FORMAT. You can restrict what users can port forward to simply by adding the ports and hosts you want to allow, like

permitopen="192.0.2.1:80"

Also you can restrict where do the user connect from, which commands can execute, etc.

Related

Godaddy : linking domain name to IP address
Generate a limited amount of random network traffic between 2 hosts
Simple web-frontend for remote svn administration? [closed]
Query schtasks using Powershell
How can I point my domain name to my Amazon EC2 Elastic IP address?
Why is PHP $_REQUEST array empty?
Rewriting 302 App Server ReDirect URLs with Apache Proxy in the Middle
What's the difference between: Verisign Thawte Geotrust Rapidssl certs?
Freeing up space in my SVN repository
Postgres vs MySQL: Which one is more difficult to scale out?
How can I test the security of my server?
SNMP - So I have a MIB. Now What?