gwhelchel @ Sat Oct 25 15:48:03 EEST 2014 I am wanting to setup an SSH tunnel in CrushFTP 7 to allow certain clients encrypted access to my Squid3 proxy. I've been doing it via SSH/SOCKS5 login to the server, but I want to figure out a way to not give them a command prompt into the server. I'd rather not have to use a restricted shell or chroot the users. It looks like the SSH port forwarding feature of Crush might work for this, but I can't seem to figure out how to configure it. Has anyone had any experience with this that could give me a few tips? For one, I'm not sure what, if anything, needs to be configured on the client's side. And, how is the SSH connection authenticated?
-N stops the creation of a shell which CrushFTP would reject. Its all standard ssh syntax.
To make the tunnel in CrushFTP, go to the prefs, tunnels, add a new tunnel, type SSH, port 2525, 127.0.0.1, and destination some server.com port 80. If you make it "user configurable" then the connecting user can choose any location they like...but if you specify a specific location and don't make it user configurable, it won't allow anything.
Once the tunnel is made, go to the User Manager, tunnels section for a username and add the tunnel to their account.
about 3 years ago
gwhelchel @ Wed Oct 29 13:11:10 EET 2014 Thanks, Ben.
That worked perfectly. The thing that was throwing me off was I didn't realize that Crush would reject a shell prompt. I was trying to set it up without the -N switch. It's all working great now.