Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

how to setup a SSH user with minimal permissions?

Posted on 2011-09-30
5
Medium Priority
?
324 Views
Last Modified: 2012-05-12
Hello Experts,

I need to setup a ssh user with the premission to create a ssh tunnel on localhost and no more rights to do anything else.

Can someone tell me how to create a user and restrict the shell excepting the tunnel?

I'm using ubuntu.

Thanks
0
Comment
Question by:k4hvd77
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 14

Accepted Solution

by:
sentner earned 2000 total points
ID: 36892501
Your best bet is to change the user's shell to something that will run, but which does not allow commands to be run.  You could try the restricted shell if it's available on your system (http://www.gnu.org/software/bash/manual/html_node/The-Restricted-Shell.html).  That will give a limited set of functionality.

Another option is to set the shell to something like a script or program that doesn't give them any ability to run anything, but which will exit cleanly when they end the session.  
0
 
LVL 79

Expert Comment

by:arnold
ID: 36892887
set the user with /bin/true as the shell (-s /bin/true).
Note that when they establish a connection, they must use the option to disable the shell request.
ssh -f user@remotehost -L port:remotehost:remoteport -R remoeport:local_named_host:local_named_hostport in putty, under the ssh settings, check the box not to require a console/shell (SSH, protocol, Don't start a shell  or command at all).
If the user does not use the -f flag when using ssh command on unix, or does not disable the starting of shell/command the connection will be dropped when /bin/true execution completes which is almost instantaneous.
 
0
 
LVL 9

Expert Comment

by:parparov
ID: 36894864
a small addendum to arnold's soltuion:
You need to use -N option not to request a shell, -f just sends the ssh into background.

From ssh's manual:
     -N      Do not execute a remote command.  This is useful for just for-
             warding ports (protocol version 2 only).

Open in new window

0
 
LVL 4

Author Comment

by:k4hvd77
ID: 36896162
Thanks for all answers but restricted shell is what I'm looking for.


0
 
LVL 9

Expert Comment

by:parparov
ID: 36896804
It's strange, for if you need to run a tunnel only, you don't need a shell at all (see my comment regarding -N option).
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The purpose of this article is to demonstrate how we can use conditional statements using Python.
Fine Tune your automatic Updates for Ubuntu / Debian
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question