Does anyone know how I can use tunnels over OpenSSH with non-root users?Use sudo?Setting up a tunnel involves changing the routing table, which should only be done by something with superuser permissions (regardless of the ownership of /dev/tun* devices)...
The issue is that the connecting machine is often outside of my physical control after it's set up, so I'd rather not have root equivalency between the connecting machine and the routing machine. I'd rather an unprivileged user have an account which can own a tunnel, but that's all - I can have an suid script actually configure the tunnel and add routes.
Creating just a tunnel without configuring it shouldn't change the routing table, and changing ownership of the device in /dev/ is a pretty common thing (like giving serial ports to different people on a multiport serial card for accessing their own machine). I just don't know how OpenSSH can be configured to link the tunnel to the tun interface after seeing that ownership allows it.