• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 366
  • Last Modified:

Create user with no permissions for ssh tunnel

I want to setup a user on a Linux box for the sole purpose of ssh tunnelling so when they run the following command on their mac, they are able to access a service running on port 3000 internally on the remote box via port 60000 on their machine

ssh -L 60000:127.0.0.1:3000 newuser@x.x.x.x

This works fine with a regular account, but I want to restrict the new user account (as much as I can) to be restricted to ssh tunnelling with no access to the file system (expect perhaps their home directory)

Is there an easy way to do this without the need to create a chroot jail?

Thanks
BT
0
brothertom
Asked:
brothertom
1 Solution
 
cdfsCommented:
Have you tried changing the users shell in passwd to /bin/null ?
0
 
Jayachandran PalanisamyTechnical Consultant - LinuxCommented:
Hi,
Just make and use rbash shell instead of bash shell. Please follow the steps which are mentioned in this link.
http://blog.bodhizazen.net/linux/how-to-restrict-access-with-rbash/

Also take a look into this.
http://www.server-world.info/en/note?os=CentOS_5&p=rbash


Open /etc/passwd file and setup shell to /bin/rbash
# vi /etc/passwd

Open in new window


For example here is a sample entry for user jaytest
# jaytest:x:32008:32011::/home/jaytest:/bin/rbash

Open in new window


Good luck :)

Jay
0
 
brothertomAuthor Commented:
rbash did the job (good enough restriction).

Thanks
0

Featured Post

[Webinar] Kill tickets & tabs using PowerShell

Are you tired of cycling through the same browser tabs everyday to close the same repetitive tickets? In this webinar JumpCloud will show how you can leverage RESTful APIs to build your own PowerShell modules to kill tickets & tabs using the PowerShell command Invoke-RestMethod.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now