Create user with no permissions for ssh tunnel
Posted on 2012-03-30
I want to set up a user on a Linux box for the sole purpose of ssh tunnelling, so that when they run the following command on their Mac, they are able to access a service running on port 3000 internally on the remote box via port 60000 on their machine:
ssh -L 60000:127.0.0.1:3000 firstname.lastname@example.org
This works fine with a regular account, but I want to restrict the new user account (as much as I can) to ssh tunnelling, with no access to the file system (except perhaps their home directory).
Is there an easy way to do this without the need to create a chroot jail?