Koozali.org: home of the SME Server

Obsolete Releases => SME 7.x Contribs => Topic started by: NickCritten on April 25, 2006, 11:59:52 AM

Title: Allow user SSH access from Server-Manager
Post by: NickCritten on April 25, 2006, 11:59:52 AM

Hi All,

I set up some of my remote users with SSH access so that they can RemoteDesktop over SSH to a PC inside the LAN.

Is anyone aware of a Contrib / Server-Manager hack I can use to add a tickbox or similar to the User part of Server-manager that will change the users shell to /bin/bash  ?

I'm perfectly capable of doing it from CLI, but the panel option would be very nice :-)

Cheers,

Title: Allow user SSH access from Server-Manager
Post by: NickCritten on April 25, 2006, 12:03:41 PM

Also is anyone aware of a very restrictive shell I could install, that would allow tunneling but very little else?

Cheers,

Title: Allow user SSH access from Server-Manager
Post by: crazybob on April 25, 2006, 02:49:54 PM

You can use the user remote access contrib from dungog.net to easily change the shell from server manager. As for a more restrictive shell, I do not know.

Have you considered using vpn to allow network access. That would let them connect to the network, but keep them from a CLI on the server

Title: Allow user SSH access from Server-Manager
Post by: NickCritten on April 25, 2006, 03:13:18 PM

Thanks I'll have a look at the dungog.net contrib.

I don't use VPNs for remote users as:

A) Too Flakey
B) Too Complex

With an ssh tunnel I can set up their laptops with Tunnelier (Freeware), which establishes the SSH, and the tunnel, then launches Remote Desktop,  all from one double-click.

Nice and easy and no support headaches for me.

Title: Allow user SSH access from Server-Manager
Post by: CharlieBrady on April 25, 2006, 11:53:29 PM

Quote from: "NickCritten"

Also is anyone aware of a very restrictive shell I could install, that would allow tunneling but very little else?

Are the restrictions of the default shell rssh not sufficient?

http://www.pizzashack.org/rssh/

Title: Allow user SSH access from Server-Manager
Post by: NickCritten on April 26, 2006, 12:46:48 AM

Quote from: "CharlieBrady"

Quote from: "NickCritten"

Also is anyone aware of a very restrictive shell I could install, that would allow tunneling but very little else?

Are the restrictions of the default shell rssh not sufficient?

http://www.pizzashack.org/rssh/

rssh doesn't allow tunneling

Title: Allow user SSH access from Server-Manager
Post by: CharlieBrady on April 26, 2006, 12:52:58 AM

Quote from: "NickCritten"

rssh doesn't allow tunneling

The shell doesn't do tunnelling - sshd does.

Title: Allow user SSH access from Server-Manager
Post by: NickCritten on April 26, 2006, 01:25:03 AM

Quote from: "CharlieBrady"

Quote from: "NickCritten"

rssh doesn't allow tunneling

The shell doesn't do tunnelling - sshd does.

Thats only half true... sshd creates one end of the tunnel, usually putty creates the other, and when putty logs onto rssh, it gets kicked out immediately.

As it happens I have always tested the tunnels with putty, and then set them up on tunelier once I've verified they work OK...  I just tried establishing a session to a user set up with rssh straight from tunnelier and it did bring the tunnel up.

I was actually under the impression that standard users had their shell set to null, as they were in SME 6.  I hadn't known about rssh until you mentioned it.