[X2Go-User] Questions regarding features and configuration advice of X2go
richard lucassen
mailinglists at lucassen.org
Mon Dec 20 16:14:32 CET 2021
On Mon, 20 Dec 2021 12:15:01 +0100
Stefan Baur <X2Go-ML-1 at baur-itcs.de> wrote:
> In short: forget about it. If you're allowing users SSH access for
> X2Go, they WILL be able to copy data. You can make it a little harder
> for them if you think you have to, but as long as they are in control
> of the client hardware, they will always be able to do so.
I have no complete answer to it, but if you use keys instead of
user/pass then you will be able to restrict ssh in
~/.ssh/authorized_keys
from="1.2.3.4,2.3.4.5,9.8.7.6",no-port-forwarding,command="/path/to/script",no-X11-forwarding,no-agent-forwarding,no-pty
ssh-rsa <key>
(all in 1 line)
This is an example of what I use here, I think there must be many other
options available.
see "man authorized_keys"
HTH
R.
--
richard lucassen
http://contact.xaq.nl/
More information about the x2go-user
mailing list