On Tue, Jan 28, 2003 at 11:57:14AM -0800, Nate Campi wrote:
> The right place to start is with your (openssh) authorized_keys file having settings like this:
>
> no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss AAAAB3N... syslog-ng@remotehost "logging account only"

Haha, I crack myself up. I actually put in "no-port-forwarding" when answering a post about using ssh for just such a purpose. What a dufus. Anyways, the rest of what I said still applies. :)

HINT: if you use ssh and want it to reconnect, set it up under daemontools <URL:http://cr.yp.to/daemontools.html> so that when it dies it starts right back up, and the output is properly logged with multilog (assuming you set up logging, which you should).

Also look into forced commands if you want better security. You won't be forwarding straight into syslog-ng, but you'll rest better knowing you're doing as much as you can to prevent misuse of this account.

Did I mention that stunnel makes it so you don't need to worry about all this?

--
Nate Campi http://www.campin.net

Without C, We would only have Pasal, Basi, and obol
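
An added example, not part of the original post: a small Python audit of an authorized_keys entry for a tunnel-only logging key, which flags the `no-port-forwarding` slip corrected above and a missing forced command. The port `127.0.0.1:5140`, the `/bin/false` forced command and the sample lines are assumptions constructed for illustration; `permitopen` is a standard OpenSSH key option that the post does not mention.

```python
KEY_TYPES = ("ssh-dss", "ssh-rsa", "ssh-ed25519", "ecdsa-sha2-")

def parse_options(line):
    """Return {option: [values]} from the leading options field of a key line."""
    line = line.strip()
    if line.startswith(KEY_TYPES):          # no options field at all
        return {}
    fields, buf, quoted, prev = [], [], False, ""
    for ch in line:
        if ch == '"' and prev != "\\":      # unescaped quote toggles quoting
            quoted = not quoted
        if not quoted and ch in ", \t":     # separator outside quotes
            fields.append("".join(buf))
            buf = []
            if ch != ",":                   # whitespace ends the options field
                break
        else:
            buf.append(ch)
        prev = ch
    opts = {}
    for field in fields:
        name, _, value = field.partition("=")
        if name:                            # option names are case-insensitive
            opts.setdefault(name.lower(), []).append(value.strip('"'))
    return opts

def audit_tunnel_key(line):
    """Findings for a key that should only carry one forwarded log port."""
    opts = parse_options(line)
    findings = []
    if "no-port-forwarding" in opts:
        findings.append("no-port-forwarding blocks the tunnel this key exists for")
    elif "permitopen" not in opts:
        findings.append("forwarding allowed to any host:port; add permitopen")
    for want in ("no-pty", "no-x11-forwarding", "no-agent-forwarding"):
        if want not in opts:
            findings.append(f"missing {want}")
    if "command" not in opts:
        findings.append("no forced command; the key can run arbitrary commands")
    return findings

# Constructed sample lines; the key material is a placeholder, not a real key.
AS_POSTED = ('no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding '
             'ssh-dss AAAAB3N... syslog-ng@remotehost')
HARDENED = ('no-pty,no-X11-forwarding,no-agent-forwarding,'
            'permitopen="127.0.0.1:5140",command="/bin/false" '
            'ssh-dss AAAAB3N... syslog-ng@remotehost')

if __name__ == "__main__":
    for label, line in (("as posted", AS_POSTED), ("hardened", HARDENED)):
        print(label, audit_tunnel_key(line) or "ok")
```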