On 01/19/2016 02:16 AM, James Hogarth wrote: > On 19 Jan 2016 05:32, "Gordon Messmer" <gordon.messmer at gmail.com> wrote: >> On 01/18/2016 03:04 PM, Robert Moskowitz wrote: >>> I need/desire to set up a userID for an SSH tunnel, but not allow said > user to have a login to the server. >> >> The user needs to be able to log in to a shell that does nothing > interactively. You might be able to set the shell to /usr/bin/cat... > > Better still a force command that discards any attempted command by the > user... > > Extra points if they attempt a command and "yelling" at them ;) > > I'd also use at least a chroot in case they do manage to get interactive > access. Thanks for all the advise. I did some searching and found: http://askubuntu.com/questions/48129/how-to-create-a-restricted-ssh-user-for-port-forwarding This looks reasonable enough to give it a try...