I need/desire to set up a userID for an SSH tunnel, but not allow said user to have a login to the server.
For the user to set up the tunnel with:
ssh -p 1234 -L 8080:192.168.1.4:80 george@gateway.foo.com
Where george would use a password instead of a stored SSH key, could george be created with:
useradd -s /sbin/nologin -c "George" george
passwd george
thanks
I think you are correct that that would create an account that George would not be able to log into.
On Jan 18, 2016, at 5:04 PM, Robert Moskowitz rgm@htt-consult.com wrote:
> I need/desire to set up a userID for an SSH tunnel, but not allow said user to have a login to the server.
> For the user to set up the tunnel with:
> ssh -p 1234 -L 8080:192.168.1.4:80 george@gateway.foo.com
> Where george would use a password instead of a stored SSH key, could george be created with:
> useradd -s /sbin/nologin -c "George" george
> passwd george
> thanks
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
On 01/18/2016 03:04 PM, Robert Moskowitz wrote:
> I need/desire to set up a userID for an SSH tunnel, but not allow said user to have a login to the server.
The user needs to be able to log in to a shell that does nothing interactively. You might be able to set the shell to /usr/bin/cat...
On 19 Jan 2016 05:32, "Gordon Messmer" gordon.messmer@gmail.com wrote:
> On 01/18/2016 03:04 PM, Robert Moskowitz wrote:
>> I need/desire to set up a userID for an SSH tunnel, but not allow said
>> user to have a login to the server.
> The user needs to be able to log in to a shell that does nothing
> interactively. You might be able to set the shell to /usr/bin/cat...
Better still a force command that discards any attempted command by the user...
Extra points if they attempt a command and "yelling" at them ;)
I'd also use at least a chroot in case they do manage to get interactive access.
On 01/19/2016 02:16 AM, James Hogarth wrote:
> On 19 Jan 2016 05:32, "Gordon Messmer" gordon.messmer@gmail.com wrote:
>> On 01/18/2016 03:04 PM, Robert Moskowitz wrote:
>>> I need/desire to set up a userID for an SSH tunnel, but not allow said
>>> user to have a login to the server.
>> The user needs to be able to log in to a shell that does nothing
>> interactively. You might be able to set the shell to /usr/bin/cat...
> Better still a force command that discards any attempted command by the user...
> Extra points if they attempt a command and "yelling" at them ;)
> I'd also use at least a chroot in case they do manage to get interactive access.
Thanks for all the advice. I did some searching and found:
http://askubuntu.com/questions/48129/how-to-create-a-restricted-ssh-user-for...
This looks reasonable enough to give it a try...
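
Added example, not part of the thread and not any poster's configuration: a gateway-side sshd_config Match block that pairs the nologin shell from the first message with the forced command suggested later, and limits george to the single forward in the original ssh command. It assumes the gateway's OpenSSH accepts every directive shown; older releases reject "AllowTcpForwarding local" and "PermitTTY", which "sshd -t" will report before a reload.

```conf
# /etc/ssh/sshd_config on the gateway (added example).
# Match blocks belong at the end of the file: everything after a Match line
# applies only to that match, up to the next Match line or end of file.
#
# Account created as in the thread:
#   useradd -s /sbin/nologin -c "George" george
#   passwd george

Match User george
    # Allow client-side (-L) forwards only; remote (-R) forwards are refused.
    AllowTcpForwarding local
    # The one destination george may reach through the tunnel.
    PermitOpen 192.168.1.4:80
    # No terminal, no agent, X11 or tun-device forwarding.
    PermitTTY no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
    # Whatever command or shell the client requests is replaced by this one,
    # which prints a refusal and exits.
    ForceCommand /sbin/nologin

# Check syntax before reloading sshd:
#   sshd -t
#
# Client side: add -N so no remote command or shell is requested. Without it
# the session runs nologin, exits immediately, and the forward goes with it.
#   ssh -N -p 1234 -L 8080:192.168.1.4:80 george@gateway.foo.com
```

With this in place a request to forward to any other host or port is refused by sshd and logged on the gateway, which is the place to watch for attempts to use the account beyond the intended tunnel.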