Last active
April 17, 2018 15:20
-
-
Save akhilman/29cc23535af48ae8bb11660787336121 to your computer and use it in GitHub Desktop.
ssh proxy с ограниченным дооступом
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| создаем пользователя pxy | |
| adduser pxy | |
| закрываем ему доступ к locahost, eth0 заменить на интерфейс смотрящий в интернет | |
| iptables -A OUTPUT -m owner --uid pxy -p tcp -o lo --dport 53 -j ACCEPT # allow dns | |
| iptables -A OUTPUT -m owner --uid pxy -o !eth0 -j DROP # deny localhost | |
| ip6tables -A OUTPUT -m owner --uid pxy -p tcp -o lo --dport 53 -j ACCEPT # allow dns | |
| ip6tables -A OUTPUT -m owner --uid pxy -o !eth0 -j DROP # deny localhost | |
| генерируем ssh ключи, добавляем публичный ключь в ~pxy/.ssh/authorized_keys вставив перед ним: | |
| no-agent-forwarding,no-X11-forwarding,command="echo socks is ready; read a; exit" | |
| что бы было примерно так: | |
| no-agent-forwarding,no-X11-forwarding,command="echo socks is ready; read a; exit" ssh-rsa AAAB3NzaC1y... | |
| проверяем с клиентской машины | |
| ssh -D localhost:5555 pxy@hostname | |
| links2 -only-proxies 1 -socks-proxy localhost:5555 http://ya.ru | |
| Основано на https://askubuntu.com/questions/48129/how-to-create-a-restricted-ssh-user-for-port-forwarding |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment