
Restrict SSH Access

Posted: 2018/06/05 19:25:52
by johnnyblaze
Hello Everyone,

I appreciate any and all input of information. This is my dilemma:

I am not sure if this is possible, but I want to restrict ssh access in a way that a user can log in via ssh but I do not want them to be able to ssh from that machine to anywhere else.

For example:

User is on his home laptop --> ssh into workstation with AD credentials (I already restricted this with winbind) --> Now the user is in his workstation but he can now ssh to any other computer on the network.

I do not want them to "hop" to any other machine once they are logged into their workstation.

Once again thank you in advance for any tips.

Re: Restrict SSH Access

Posted: 2018/06/06 09:56:08
by tunk
Close the firewall for outgoing ssh.
Remove execute bit for /usr/bin/ssh "other". Don't know if this is good practice.
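
An added example, not part of the post above and not any project's own code: one way to check that the first suggestion (closing the firewall for outgoing ssh) is really in effect, by auditing `iptables-save` output. It assumes an iptables-based firewall; the function name, the sample rulesets and the address 10.0.0.5 are constructed for illustration.

```sh
#!/bin/sh
# Added example. Reads `iptables-save` output on stdin; returns 0 only if new
# outbound TCP connections to the port (default 22) are dropped or rejected
# for every user and destination. Assumption: only plain "--dport N" is parsed.
outbound_ssh_blocked() {
    awk -v port="${1:-22}" '
        /^\*/ { in_filter = ($0 == "*filter") }
        !in_filter { next }
        /^:OUTPUT / { policy = $2 }
        /^-A OUTPUT / {
            proto = dport = target = state = ""; narrow = loop = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
                else if ($i == "--ctstate" || $i == "--state") state = $(i + 1)
                else if ($i == "-o" && $(i + 1) == "lo" && $(i - 1) != "!") loop = 1
                else if ($i == "-o" || $i == "-d" || $i ~ /^--[ug]id-owner$/) narrow = 1
            }
            if (loop) next                            # loopback is not another host
            if (proto != "" && proto != "tcp") next   # rule is for another protocol
            if (dport != "" && dport != port) next    # rule is for another port
            if (state != "" && state !~ /NEW/) next   # replies only, not new sessions
            if (target == "ACCEPT") { verdict = 1; decided = 1; exit }
            if (!narrow && target ~ /^(DROP|REJECT)$/) { verdict = 0; decided = 1; exit }
        }
        END { if (!decided) verdict = (policy == "DROP") ? 0 : 1; exit verdict }
    '
}
# Constructed sample rulesets (not taken from a real host).
sample_blocked() { cat <<'EOF'
*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 22 -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}
sample_partial() { cat <<'EOF'
*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -d 10.0.0.5/32 -p tcp -m tcp --dport 22 -j DROP
COMMIT
EOF
}
sample_blocked | outbound_ssh_blocked && echo "sample_blocked: outbound ssh is blocked"
sample_partial | outbound_ssh_blocked || echo "sample_partial: outbound ssh still possible"
```

On a live host the same function can be fed with `iptables-save | outbound_ssh_blocked`. A rule of this kind covers only the port it names, so pass any other port sshd listens on in the network as the argument.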

Re: Restrict SSH Access

Posted: 2018/06/06 13:05:48
by MartinR
The latter will not stop

Code:

$ sh /usr/bin/ssh

from working.

Re: Restrict SSH Access

Posted: 2018/06/06 14:16:10
by TrevorH
It's possible to yum remove openssh-clients but that would stop anyone on there from running ssh/sftp/scp/slogin and ssh-{add,agent,copy-id,keyscan} but that may be an acceptable solution.