![]() Related questions I found but do not quite fit:Ĭreate SOCKS tunnels with PuTTY and nologin ![]() If I try to setup the proxy in the SSH options for remote commands, it still doesn't run unless I allow a shell or other commands in the options. If I specify the "no shell or command" argument in the SSH settings, the proxy options don't seem to get setup. When PuTTY opens a tunnel through the default tunneling options, it has to open a shell which immediately disconnects upon login since the user has a /bin/false shell. If a regular ssh client is used, I can set the user shell to /bin/false and the user can specify the -N command when setting up the SOCKS proxy, but unfortunately for PuTTY users this doesn't seem to work (at least I couldn't get it working). I have looked at all the methods for setting up a SOCKS proxy with user accounts having things like /bin/false etc, but eitherĪ) they assume only a single port or host is being forwarded (whereas in this case I have a set of VPS instances that will change on demand in networking configs), orī) that a regular SSH client is in use rather than something like PuTTY (as much as I would love to force all the students to use a VM or install linux directly, that is not quite an option as the school uses PuTTY on their engineering hardware for student use). I am looking to eventually setup a full VPN, but in this case it's simply to allow access to certain machines with a IP whitelist, rather than full internal network access. The Proxy server is a CentOS 6.4 box, with SELinux enabled, and will not be running any other services besides the proxy. Well now that I am expanding and trying to get students at my local universities involved to expand their projects, they are going to need to start accessing some of these internal pages. ![]() So I have been using SSH tunnels to restrict access to internal sites or portions of public sites for a while now, and since only admins had SSH access at all I've been using standard non-root/sudo user accounts. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |