Solved

Create user with no permissions for ssh tunnel

Posted on 2012-03-30
3
335 Views
Last Modified: 2012-04-01
I want to setup a user on a Linux box for the sole purpose of ssh tunnelling so when they run the following command on their mac, they are able to access a service running on port 3000 internally on the remote box via port 60000 on their machine

ssh -L 60000:127.0.0.1:3000 newuser@x.x.x.x

This works fine with a regular account, but I want to restrict the new user account (as much as I can) to be restricted to ssh tunnelling with no access to the file system (expect perhaps their home directory)

Is there an easy way to do this without the need to create a chroot jail?

Thanks
BT
0
Comment
Question by:brothertom
3 Comments
 
LVL 5

Expert Comment

by:cdfs
ID: 37787655
Have you tried changing the users shell in passwd to /bin/null ?
0
 
LVL 7

Accepted Solution

by:
chandranjoy earned 500 total points
ID: 37792277
Hi,
Just make and use rbash shell instead of bash shell. Please follow the steps which are mentioned in this link.
http://blog.bodhizazen.net/linux/how-to-restrict-access-with-rbash/

Also take a look into this.
http://www.server-world.info/en/note?os=CentOS_5&p=rbash


Open /etc/passwd file and setup shell to /bin/rbash
# vi /etc/passwd

Open in new window


For example here is a sample entry for user jaytest
# jaytest:x:32008:32011::/home/jaytest:/bin/rbash

Open in new window


Good luck :)

Jay
0
 

Author Closing Comment

by:brothertom
ID: 37793862
rbash did the job (good enough restriction).

Thanks
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
cannot connect to openvpn server 9 59
php ssh2_scp_send 1 47
Why isn't object file created? 6 41
Hacked File Timestamps 4 49
How many times have you wanted to quickly do the same thing to a list but found yourself typing it again and again? I first figured out a small time saver with the up arrow to recall the last command but that can only get you so far if you have a bi…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now