Spread the love

PuTTY is a client for Telnet and SSH (putty.exe)

PSCP client for SCP (remote copying of files using encrypted scp protocol with command line control) (pscp.exe)

PSFTP SFTP Client (psftp.exe)

PuTTYtel Telnet Client

Plink command line interface to PuTTY (plink.exe)

Pageant SSH authentication agent for PuTTY, PSCP and Plink (pageant.exe)

PuTTYgen utility forgenerating RSA- and DSA-keys (puttygen.exe)

pterm autonomous terminal emulator (only for Unix version)

The user can install both the complete package and each module separately.

PuTTY and most utilities run only in one OS thread. The program is a free open source.

You may want to install a user shell on a limited shell. Delete the PATH variable in .bashrc or .bash_profile of the user, and they will not be able to execute any commands. Later, if you decide that you want to allow users to execute a limited set of commands, for example, less or tail, you can copy the allowed commands to a separate directory (for example, 1005). and update PATH to point to this directory. 17 votes

In addition to the author_keys option, such as no-X11-forwarding, there actually is one that you request: allowopen “host: port”. Using this option, the user can configure the tunnel only for the specified host and port.

For details on the AUTHORIZED_KEYS file format, see Man sshd. 9  votes

My solution is to provide a user who can only tunnel, without an interactive shell, to install this shell in etc passwd in usr bin tunnel_shell.

Please note that we use rbash (limited-bash) to limit user actions: the user cannot cd (change directory) and cannot set environment variables.

Then we change the PATH env variable of the user in /home/sshtunnel/.profile to nothing a trick that will make bash not find the commands to execute:

PATH Finally, we forbid the user to edit any files by setting the following permissions:

chmod 555 home sshtunnel cd home sshtunnel chmod 444 .bash_logout .bashrc .profile 0 votes

I made a C program that looks like this:

void sig_handler (int signo) if (signo SIGHUP) exit (0); int main signal (SIGINT, sig_handler); signal (SIGTSTP, sig_handler); printf (“OK n”); while (1) sleep (1); exit (0); I installed a restricted user shell for this program.