forbid openssh-client

Kernels & Hardware, configuring network, installing services

forbid openssh-client

Postby Debian_usr » 2018-02-22 17:29

Hello,

I'm trying to secure a debian server which is accessible via its openssh-server connection. But I would like to avoid user to use this server it to connect to other linux server via the ssh client installed on it.
The problem is that openssh-client is part of opensssh-server depency. Is there an elegant way to forbid user to use ssh command (apart from chmod 750 ssh), or deny tcp 22 output with iptables ?

Thank you
Debian_usr
 
Posts: 2
Joined: 2018-02-22 17:23

Re: forbid openssh-client

Postby TonyT » 2018-02-23 12:28

Try renaming /etc/ssh/ssh_config (client configuration file) to ssh_config.old, then test using ssh client and see if it fails.
TonyT
 
Posts: 554
Joined: 2006-09-04 11:57

Re: forbid openssh-client

Postby Debian_usr » 2018-02-24 08:10

Hello Tony,

Thanks, but not working.
Debian_usr
 
Posts: 2
Joined: 2018-02-22 17:23

Re: forbid openssh-client

Postby None1975 » 2018-02-24 13:59

Debian_usr wrote:Hello,

I'm trying to secure a debian server which is accessible via its openssh-server connection. But I would like to avoid user to use this server it to connect to other linux server via the ssh client installed on it.
The problem is that openssh-client is part of opensssh-server depency. Is there an elegant way to forbid user to use ssh command (apart from chmod 750 ssh), or deny tcp 22 output with iptables ?

Thank you


Hello. Is standard Linux ACL permission-based security not sufficient? Ok, check this.
User avatar
None1975
 
Posts: 699
Joined: 2015-11-29 18:23
Location: Lithuania, Vilnius

Re: forbid openssh-client

Postby TonyT » 2018-02-25 12:52

The openssh client is located at /usr/bin/ssh.
You could rename it to ssh.old.
Rename it back when you need it.
Or use a script that renames it (to disable it) and another to rename it back.
TonyT
 
Posts: 554
Joined: 2006-09-04 11:57


Return to System configuration

Who is online

Users browsing this forum: No registered users and 6 guests

fashionable