Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Create user with no permissions for ssh tunnel

Posted on 2012-03-30
3
Medium Priority
?
360 Views
Last Modified: 2012-04-01
I want to setup a user on a Linux box for the sole purpose of ssh tunnelling so when they run the following command on their mac, they are able to access a service running on port 3000 internally on the remote box via port 60000 on their machine

ssh -L 60000:127.0.0.1:3000 newuser@x.x.x.x

This works fine with a regular account, but I want to restrict the new user account (as much as I can) to be restricted to ssh tunnelling with no access to the file system (expect perhaps their home directory)

Is there an easy way to do this without the need to create a chroot jail?

Thanks
BT
0
Comment
Question by:brothertom
3 Comments
 
LVL 5

Expert Comment

by:cdfs
ID: 37787655
Have you tried changing the users shell in passwd to /bin/null ?
0
 
LVL 7

Accepted Solution

by:
Jayachandran Palanisamy earned 2000 total points
ID: 37792277
Hi,
Just make and use rbash shell instead of bash shell. Please follow the steps which are mentioned in this link.
http://blog.bodhizazen.net/linux/how-to-restrict-access-with-rbash/

Also take a look into this.
http://www.server-world.info/en/note?os=CentOS_5&p=rbash


Open /etc/passwd file and setup shell to /bin/rbash
# vi /etc/passwd

Open in new window


For example here is a sample entry for user jaytest
# jaytest:x:32008:32011::/home/jaytest:/bin/rbash

Open in new window


Good luck :)

Jay
0
 

Author Closing Comment

by:brothertom
ID: 37793862
rbash did the job (good enough restriction).

Thanks
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I am a long time windows user and for me it is normal to have spaces in directory and file names. Changing to Linux I found myself frustrated when I moved my windows data over to my new Linux computer. The problem occurs when at the command line.…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Suggested Courses
Course of the Month11 days, 6 hours left to enroll

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question