teleconsole icon indicating copy to clipboard operation
teleconsole copied to clipboard

Published 20 hours ago verified publisher icon gravitational

Share a port, but not a shell

Open probonopd opened this issue 3 years ago • 1 comments

I would like to share a certain port of my machine via teleconsole (e.g., port 5900 a VNC server is running on), but not a shell.

The other party should be able to view my screen using VNC over the forwarded port, but not be able to log into a shell on my computer.

Is that doable?

probonopd avatar Dec 02 '20 18:12 probonopd

With sshd one could do:

  PermitOpen 127.0.0.1:5900
  X11Forwarding no
  AllowAgentForwarding no
  ForceCommand /bin/false

When the user normally connects he will now be instantly disconnected because the /bin/false command will be triggered which does nothing but instantly exit with a code of 1. If you want to avoid this and keep your forwarding connection open, add the -N flag to the ssh command. This will not try to execute any command but still allows to setup TCP forwardings. (Source: https://unix.stackexchange.com/a/337445)

But with teleconsole?

probonopd avatar Dec 02 '20 19:12 probonopd