1

Is there a way to make a remote port only accessible for a specific user?

My current setup:

I'm forwarding a port to my local machine to access it via SSH on the go. I am able to directly access my local machine without logging into the remote machine first.

For increased security I want that port not to be publicly accessible but accessible for specific users on the remote machine or any user that's logged in at the remote machine.

Short scheme of what I'm trying to achieve:

Internet -> ssh to remote machine -> login -> ssh to local machine via forwarded port -> login

Unkn0wn

1 Answer

0

Port forwarding is a network item that does not support user filtering. That is because ports and IP traffic do not have anything to do with users. The payload of the traffic might have user information, but that is not typically accessed by network equipment.

As an alternative, you could use a VPN that does user based authentication. Some firewalls, like Sonicwall, have user based filtering, but that typically uses a proprietary client to track user info.

The more common way to do this on the network level is to filter by IP address. If your remote machine has a static IP, you can filter the port forward by IP address.

You haven't provided any information about your setup, other than the logical flow, so it is hard to know what devices you have to work with.

Cory Knutson
  • My remote machine is an Ubuntu dedicated server. My local machine is a Raspberry Pi running Debian. The Raspberry Pi is doing some home automation work. To make it accessible over the internet, the remote machine is running a website that runs commands via SSH tunnel on the Pi. The reason I'm asking is I don't want the Raspberry Pi to be exposed to the Internet but rather only accessible for the remote machine. – Unkn0wn May 06 '17 at 09:25
  • You may try port knocking with knockd – gapsf Jul 27 '22 at 16:20
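
An added example, not part of the question, answer or comments above: a check to run on the remote machine that reports whether the forwarded port is reachable from outside or only from the machine itself. It assumes the tunnel is an OpenSSH remote forward, that the forwarded port is 2222 (hypothetical), and that listeners are read from `ss -Htln`; the sample lines are constructed.

```shell
#!/bin/sh
# port_exposure PORT   (reads `ss -Htln` lines on stdin)
# Prints "public" if any listener on PORT is bound to a non-loopback address,
# "loopback" if every listener is on 127.0.0.0/8 or ::1, "closed" if none.
# Background: sshd binds remote forwards to loopback unless GatewayPorts is
# enabled, so "loopback" means only users on the remote machine can connect.
port_exposure() {
    awk -v port="$1" '
        {
            la = $4                          # column 4: Local Address:Port
            n = split(la, parts, ":")
            if (parts[n] != port) next       # listener on a different port
            addr = substr(la, 1, length(la) - length(parts[n]) - 1)
            sub(/%.*$/, "", addr)            # drop interface scope such as %lo
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") loop = 1
            else pub = 1                     # 0.0.0.0, [::], * or a routable IP
        }
        END {
            if (pub) print "public"
            else if (loop) print "loopback"
            else print "closed"
        }'
}

# Constructed sample: forward bound to loopback, sshd itself on all interfaces.
sample_loopback() {
    printf '%s\n' \
        'LISTEN 0 128 127.0.0.1:2222 0.0.0.0:*' \
        'LISTEN 0 128 [::1]:2222 [::]:*' \
        'LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
}

# Constructed sample: the same forward bound to every interface.
sample_wildcard() {
    printf '%s\n' \
        'LISTEN 0 128 0.0.0.0:2222 0.0.0.0:*' \
        'LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
}

echo "loopback-bound forward: $(sample_loopback | port_exposure 2222)"
echo "wildcard-bound forward: $(sample_wildcard | port_exposure 2222)"
```

On a live host the input would come from `ss -Htln | port_exposure 2222`; a result of "public" means the port still needs an IP filter of the kind the answer describes.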