
Is there a method to disallow a user from changing their outbound ssh credentials? I.e. restrict ssh -l username ip.address or ssh username@ip.address

Further clarification: only allow the currently logged-in user to use their own username credential to ssh to a remote host.

I could see aliasing the ssh binary to a shell script that checks the target username@ip.address or -l username, compares that against the local user variable, and then rejects if not equal. But I would like to ask the community if there is a better way.

FYI, this creates convoluted search results, as most people are interested in restricting the incoming IP or username, not the outbound.

Also thanks for a million other useful answers from the community.

  • If we are talking about the OpenSSH client, I cannot see a configuration way to enforce this that the user could not override by runtime options. Aliasing or wrapping the command is not enough, because it can be forced or bypassed using another ssh client. Maybe you could elaborate a bit more on what you need to achieve. – tonioc Jun 06 '18 at 12:23
  • Without going into specifics, I work in an environment that uses access control for the majority of my devices. I have a few rando vendor devices that don't support remote access control and need local username passwords configured. SSH CLI access is limited by iptables and ACL to a single Linux jump server. But nothing is preventing my users from sharing each other's credentials on those local accounts. Say Joe tech quits and the supervisor only deletes his ACS account. I can limit the local-account devices to being accessible from a single jump server, but how do I limit outgoing user accounts? – user472853 Jun 11 '18 at 00:00
  • If client users have dedicated fixed IP addresses, a possible filtering could go through AllowUsers rules (or authorized_keys if key-based authentication is used). I can't see a reliable filtering mechanism on outgoing SSH if users have the ability to use their own software. – tonioc Jun 11 '18 at 07:54
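The wrapper the question sketches, written out as an added example (not code from the poster or from OpenSSH): it sits ahead of the real client in PATH and refuses any remote username that differs from the local login. The REAL_SSH path and the install location are assumptions; it parses -l, user@host, ssh:// URIs and -o User= the way the OpenSSH client reads its command line.

```shell
#!/bin/sh
# Assumed install: /usr/local/bin/ssh, ahead of the real client in PATH.
REAL_SSH=/usr/bin/ssh

# Print every remote username the arguments ask for, one per line.
# Options may come before and after the destination; the first non-option
# word after the destination starts the remote command, so nothing past it
# is inspected (else "ssh host ls -l /tmp" would look like a login as /tmp).
ssh_requested_users() {
    have_host=0
    while [ $# -gt 0 ]; do
        case "$1" in
            --) break ;;
            -l)   [ $# -gt 1 ] && printf '%s\n' "$2"; shift ;;
            -l?*) printf '%s\n' "${1#-l}" ;;
            -o)   case "$2" in [Uu]ser=*) printf '%s\n' "${2#*=}" ;; esac; shift ;;
            -o[Uu]ser=*) printf '%s\n' "${1#*=}" ;;
            -[BbcDEeFIiJLmOopQRSWw]) shift ;;  # option with a separate value
            -*) ;;                              # flag without a value
            *)  [ "$have_host" -eq 1 ] && break # remote command starts here
                have_host=1
                case "$1" in
                    *@*) u="${1%%@*}"; printf '%s\n' "${u#ssh://}" ;;
                esac ;;
        esac
        [ $# -gt 0 ] && shift
    done
    return 0
}

# Succeed when every requested remote user equals the local user (none
# requested means the client defaults to the local name); fail otherwise.
check_outbound_user() {
    local_user="$1"; shift
    for u in $(ssh_requested_users "$@"); do
        [ "$u" = "$local_user" ] || return 1
    done
    return 0
}

# Call the real client only when invoked as "ssh", not when sourced.
if [ "${0##*/}" = "ssh" ]; then
    me="$(id -un)"
    check_outbound_user "$me" "$@" && exec "$REAL_SSH" "$@"
    echo "ssh: refusing outbound login as a user other than $me" >&2
    exit 1
fi
```

As the comments note, this only covers the command line: a User line in ~/.ssh/config or a -F config file, another ssh client, or a direct call to /usr/bin/ssh is outside its reach, so it is a guardrail against casual credential sharing rather than an enforced control.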

0 Answers