Re: question regarding sendmail
- To: ehud(at-nospam)unix.simonwiesel.co.il
- Subject: Re: question regarding sendmail
- From: Shachar Shemesh <linuxil(at-nospam)consumer.org.il>
- Date: Tue, 19 Jun 2001 09:25:02 +0300
- CC: Hetz Ben Hamo <hetz(at-nospam)magnifire.net>, linux-il(at-nospam)linux.org.il
- Delivered-To: linux.org.il-linux-il@linux.org.il
- References: <200106181357.f5IDvHQ12425@magnifire.net> <200106181940.WAA19847@linux.>
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
- User-Agent: Mozilla/5.0 (X11; U; Linux 2.2.14-5.0 i686; en-US; rv:0.9.1) Gecko/20010607
Ehud Karni wrote:
>
>The 2nd way is using SSH tunneling. It is simpler and safer, but it
>has one catch - the user must have an account (not all my mail clients
>have UNIX accounts). Forward ports 110 and 25 and it'll work like magic
>with any mail client. Nobody can steal your password (use key
>authentication with/without passphrase) and nobody can read your mail!
>I use the Cygwin OpenSSH with rxvt on M$ Windoz. On linux, use OpenSSH
>with console or xterm.
>
>Ehud.
>
Well, not exactly.
Yes, you need the system to be able to authenticate you, but that does
not necessarily mean a shell account.
Create a shell that accepts no input and gives no output. Create a user
(one user) that has no valid password (or a shared password to all your
users - that may also work). You are already 3/4 done.
All that is left is for you to take a public key from each of your
users, and tell this dummy user that that public key is allowed to log
in. By not placing the user's shell in /etc/shells you can prevent login
via FTP (actually - this is not necessary, as the user has no valid
password).
Thus you have a list of users, who can authenticate with the machine for
port forwarding purposes, but can do nothing else. You have individual
control over the users (i.e. - they do not all use the same password),
and yet it only takes one real user on the machine.
Shachar
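
The per-key step described above, as an added example that is not part of the original message: it turns each user's submitted public key into an `authorized_keys` line for the single dummy account. It goes beyond the post by adding OpenSSH per-key options that limit forwarding to the mail ports; the localhost ports, the label argument and the function name are assumptions.

```shell
#!/bin/sh
# Added example: authorized_keys lines for one forwarding-only account.
# Assumption (not in the post): POP3 and SMTP listen on localhost:110 and :25.

# Per-key options: no terminal, no X11 or agent forwarding, and TCP
# forwarding allowed only to the two mail ports.
OPTS='no-pty,no-X11-forwarding,no-agent-forwarding'
OPTS="$OPTS"',permitopen="localhost:110",permitopen="localhost:25"'

# restricted_key_line LABEL "TYPE BASE64 [comment]"
# Prints one authorized_keys line on success. Returns 1 when the submission
# is not exactly one bare public key: an embedded newline would add a second,
# unrestricted key, and leading text would be parsed as the user's own options.
restricted_key_line() {
    label=$1 key=$2
    nl='
'
    case $label in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    case $key in *"$nl"*) return 1 ;; esac
    set -f; set -- $key; set +f       # split on blanks without globbing
    ktype=${1-} blob=${2-}
    case $ktype in
        ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) return 1 ;;
    esac
    case $blob in ''|*[!A-Za-z0-9+/=]*) return 1 ;; esac
    # The submitted comment is dropped; the admin's label takes its place so
    # a single user's line can be found and removed later.
    printf '%s %s %s %s\n' "$OPTS" "$ktype" "$blob" "$label"
}

# Constructed sample submission (not a real key).
SAMPLE='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleKey0000000000000000000 alice@laptop'
restricted_key_line alice "$SAMPLE"
```

Because the account has nothing to run, clients connect with `ssh -N` and their `-L` forwards.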