[X2Go-User] Questions regarding features and configuration advice of X2go
richard lucassen
mailinglists at lucassen.org
Mon Dec 20 17:07:31 CET 2021
On Mon, 20 Dec 2021 16:53:44 +0100
Ulrich Sibiller <uli42 at gmx.de> wrote:
> > I have no complete answer to it, but if you use keys instead of
> > user/pass then you will be able to restrict ssh in
> > ~/.ssh/authorized_keys
> >
> > from="1.2.3.4,2.3.4.5,9.8.7.6",no-port-forwarding,command="/path/to/script",no-X11-forwarding,no-agent-forwarding,no-pty
> > ssh-rsa <key>
> >
> > (all in 1 line)
> >
> > This is an example of what I use here, I think there must be many
> > other options available.
>
> Although I only have used it with keys so far it seems not to be
> restricted to keys only, see man sshd_config:
> ForceCommand
> Forces the execution of the command specified by
> ForceCommand, ignoring any command supplied by the client and
> ~/.ssh/rc if present. The command is invoked by using the user's
> login shell
> with the -c option. This applies to shell, command, or
> subsystem execution. It is most useful inside a Match block. The
> command originally supplied by the client is available in the
> SSH_ORIGINAL_COMMAND environment variable. Specifying a
> command of internal-sftp will force the use of an in-process SFTP
> server that requires no support files when used with
> ChrootDirectory. The default is none.
Ok, thnx Uli for pointing this out. I'm not an authorized_keys
expert ;-)
R.
--
richard lucassen
http://contact.xaq.nl/
More information about the x2go-user
mailing list