FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 03-21-2012, 05:15 PM
Csanyi Pal
 
Default Setup SSH to login from Internet to system behind firewal and sudo for few commands

Hi,

I have a desktop machine: Debian GNU/Linux wheezy/sid system that is
behind a Debian GNU/Linux Squeeze firewall/gateway.

I want to setup firewall/gateway for an user to can login with SSH into
my desktop from the Internet.

After the user logged in with SSH, I want to let it run commands:
apt-get and apt-cache only.

Is this possyble?
If yes, how can I log the activities of that user?

Any advices will be appreciated!

--
Regards from Pal


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 874nth252t.fsf@gmail.com">http://lists.debian.org/874nth252t.fsf@gmail.com
 
Old 03-21-2012, 05:52 PM
Dan Ritter
 
Default Setup SSH to login from Internet to system behind firewal and sudo for few commands

On Wed, Mar 21, 2012 at 07:15:38PM +0100, Csanyi Pal wrote:
> Hi,
>
> I have a desktop machine: Debian GNU/Linux wheezy/sid system that is
> behind a Debian GNU/Linux Squeeze firewall/gateway.
>
> I want to setup firewall/gateway for an user to can login with SSH into
> my desktop from the Internet.
>
> After the user logged in with SSH, I want to let it run commands:
> apt-get and apt-cache only.
>
> Is this possyble?
> If yes, how can I log the activities of that user?
>
> Any advices will be appreciated!

Well, you *could* do that:

1. man sshd, read the section AUTHORIZED_KEYS FILE FORMAT to
restrict commands

2. remember that you need to authorize them to do this with
sudo, so edit /etc/sudoers appropriately.

but I really suggest you NOT do this, unless you are the user in
question. Remember that the power of apt-get as root can trash
your machine.

If what you want is automated or semi-automated updates, you
could do worse than run apticron.

A little more advanced would be to create your own apt
repository, and only move packages into it when you have already
vetted them and want them applied. Then you can safely run
apticron with automatic installation.

You'll get better advice if you explain what you're trying to
do.

-dsr-


--
http://randomstring.org/~dsr/eula.html is hereby incorporated by reference.
You can't fight for freedom by taking away rights.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20120321185204.GR11128@randomstring.org">http://lists.debian.org/20120321185204.GR11128@randomstring.org
 
Old 03-24-2012, 04:18 PM
Pál
 
Default Setup SSH to login from Internet to system behind firewal and sudo for few commands

Hi Dan,

Dan Ritter <dsr <at> randomstring.org> writes:

> On Wed, Mar 21, 2012 at 07:15:38PM +0100, Csanyi Pal wrote:

> > I want to setup firewall/gateway for an user to can login with SSH into
> > my desktop from the Internet.
> >
> > After the user logged in with SSH, I want to let it run commands:
> > apt-get and apt-cache only.
> >
> > Is this possyble?
> > If yes, how can I log the activities of that user?

> Well, you *could* do that:
> but I really suggest you NOT do this, unless you are the user in
> question. Remember that the power of apt-get as root can trash
> your machine.

> You'll get better advice if you explain what you're trying to
> do.

I think it would be better if I install on my VirtualBox a Debian GNU/Linux
wheezy/sid system and allow an user from the Internet to SSH into that system on
VB and there uses whatever command he like as root. Is it possible to have this
setup? Is it possible to SSH into a system that run in a VirtualBox?

Regrads, from Pál



--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: loom.20120324T181455-88@post.gmane.org">http://lists.debian.org/loom.20120324T181455-88@post.gmane.org
 
Old 03-26-2012, 02:27 PM
Andrei POPESCU
 
Default Setup SSH to login from Internet to system behind firewal and sudo for few commands

On Sb, 24 mar 12, 17:18:38, Pál wrote:
>
> I think it would be better if I install on my VirtualBox a Debian GNU/Linux
> wheezy/sid system and allow an user from the Internet to SSH into that system on
> VB and there uses whatever command he like as root. Is it possible to have this
> setup? Is it possible to SSH into a system that run in a VirtualBox?

Do you want to have a toy system to be used by friends?

Kind regards,
Andrei
--
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
 
Old 03-26-2012, 06:17 PM
Csanyi Pal
 
Default Setup SSH to login from Internet to system behind firewal and sudo for few commands

Andrei POPESCU <andreimpopescu@gmail.com> writes:

> On Sb, 24 mar 12, 17:18:38, Pál wrote:
>>
>> I think it would be better if I install on my VirtualBox a Debian
>> GNU/Linux wheezy/sid system and allow an user from the Internet to
>> SSH into that system on VB and there uses whatever command he like as
>> root. Is it possible to have this setup? Is it possible to SSH into a
>> system that run in a VirtualBox?
>
> Do you want to have a toy system to be used by friends?

Well, after all, I think you have right.

I change my mind. I don't want anymore to allow such SSH access for a
friend. I advices him to install on his VirtualBox a Debian GNU/Linux
wheezy/sid system and play there as he like.

--
Regards from Pal


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 87mx73grb6.fsf@gmail.com">http://lists.debian.org/87mx73grb6.fsf@gmail.com
 

Thread Tools




All times are GMT. The time now is 07:12 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org