  • Status: Solved

Create user with no permissions for ssh tunnel

I want to set up a user on a Linux box for the sole purpose of ssh tunnelling, so that when they run the following command on their Mac, they are able to access a service running on port 3000 internally on the remote box via port 60000 on their machine:

ssh -L 60000:127.0.0.1:3000 newuser@x.x.x.x

This works fine with a regular account, but I want to restrict the new user account (as much as I can) to be restricted to ssh tunnelling with no access to the file system (except perhaps their home directory).

Is there an easy way to do this without the need to create a chroot jail?

Thanks
BT
Asked by: brothertom
 
cdfs Commented:
Have you tried changing the user's shell in passwd to /bin/null?
 
Jayachandran Palanisamy (Technical Consultant - Linux) Commented:
Hi,
Just make and use the rbash shell instead of the bash shell. Please follow the steps which are mentioned in this link.
http://blog.bodhizazen.net/linux/how-to-restrict-access-with-rbash/

Also take a look at this.
http://www.server-world.info/en/note?os=CentOS_5&p=rbash


Open the /etc/passwd file and set the shell to /bin/rbash:
# vi /etc/passwd

For example, here is a sample entry for user jaytest:
jaytest:x:32008:32011::/home/jaytest:/bin/rbash


Good luck :)

Jay
 
brothertom (Author) Commented:
rbash did the job (good enough restriction).

Thanks
Question has a verified solution.
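
Added example, not part of the thread or of the linked guides: rbash limits what the account can run in a shell, but sshd decides which forwards are allowed, so the tunnel itself can be pinned to the one service in sshd_config. It assumes a reasonably recent OpenSSH server and reuses the account name, address and port from the question.

```conf
# /etc/ssh/sshd_config (append at the end; a Match block runs to the next
# Match line or the end of the file).
# Constructed example: "newuser" and 127.0.0.1:3000 are the account and
# service named in the question.
Match User newuser
    # Allow only client-side (-L) forwards; remote (-R) forwards are refused.
    AllowTcpForwarding local
    # The only destination a forward may reach.
    PermitOpen 127.0.0.1:3000
    # No terminal, X11, agent, tun device or Unix-socket forwarding.
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    PermitTunnel no
    AllowStreamLocalForwarding no
    # Any session request runs this instead of a shell, a client-supplied
    # command or sftp; echo is a shell builtin, so it also works under rbash.
    ForceCommand echo 'This account is for port forwarding only'

# Check the syntax before reloading the daemon:
#   sshd -t
# Client side, -N opens the tunnel without requesting a session:
#   ssh -N -L 60000:127.0.0.1:3000 newuser@x.x.x.x
```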
