SSH VPN tunnel without having to enable root

ssh root vpn tunneling

Solution 1:

Normally on most distributions of Linux you can't bind to ports lower than 1024 without privileges.

It may however be that what you want to do can be achieved a different way. For example, if you are a web developer trying to work remotely you may want to use a Dynamic tunnel in Putty as a SOCKs proxy to have your browser requests come out at the destination server's end. Also any local port forwarding done with an SSH tunnel is reliant on permissions at the connecting user's end, not the server end. The only time permissions becomes an issue is when doing a Remote tunnel.

If you want to fully VPN over SSH, some customisation will be required at both ends. See this guide for quite a thorough walk through. That guide describes the process with a Linux remote user connecting to a Linux server. The process is not as simple (I don't even know how you'd do it nicely!) if the remote user is running Windows.

Solution 2:

A variation of that question would be: Can you lock down an ssh VPN over the root account so that the tun* devices can be setup but nothing else can be done? (shell, file transfer, port fwd, etc.)

This list of security options for sshd, etc may help figure this out: https://askubuntu.com/questions/48129/how-to-create-a-restricted-ssh-user-for-port-forwarding

Related

change scp default directory in `~/.ssh/config`
Why isn't htaccess following this php_value directive?
Upgrading a mongo cluster
PHP date.timezone warning
Very low requests/second with fresh NGINX install
How can I protect a Tomcat webapp that's reverse proxied in an Apache2 virtual host using basic authentication?
Delegate log off privilege?
In Chef, how do I access attributes set in the environment JSON from cookbook attributes files?
time sync with ntpd
How to setup network interface to have eth0 as dhcp and eth0:1 as static ip?
"route add default -iface em1" in rc.conf on FreeBSD
Command line speed test