Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Create user with no permissions for ssh tunnel

Posted on 2012-03-30
3
Medium Priority
?
354 Views
Last Modified: 2012-04-01
I want to setup a user on a Linux box for the sole purpose of ssh tunnelling so when they run the following command on their mac, they are able to access a service running on port 3000 internally on the remote box via port 60000 on their machine

ssh -L 60000:127.0.0.1:3000 newuser@x.x.x.x

This works fine with a regular account, but I want to restrict the new user account (as much as I can) to be restricted to ssh tunnelling with no access to the file system (expect perhaps their home directory)

Is there an easy way to do this without the need to create a chroot jail?

Thanks
BT
0
Comment
Question by:brothertom
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 5

Expert Comment

by:cdfs
ID: 37787655
Have you tried changing the users shell in passwd to /bin/null ?
0
 
LVL 7

Accepted Solution

by:
Jayachandran Palanisamy earned 2000 total points
ID: 37792277
Hi,
Just make and use rbash shell instead of bash shell. Please follow the steps which are mentioned in this link.
http://blog.bodhizazen.net/linux/how-to-restrict-access-with-rbash/

Also take a look into this.
http://www.server-world.info/en/note?os=CentOS_5&p=rbash


Open /etc/passwd file and setup shell to /bin/rbash
# vi /etc/passwd

Open in new window


For example here is a sample entry for user jaytest
# jaytest:x:32008:32011::/home/jaytest:/bin/rbash

Open in new window


Good luck :)

Jay
0
 

Author Closing Comment

by:brothertom
ID: 37793862
rbash did the job (good enough restriction).

Thanks
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How many times have you wanted to quickly do the same thing to a list but found yourself typing it again and again? I first figured out a small time saver with the up arrow to recall the last command but that can only get you so far if you have a bi…
SSH (Secure Shell) - Tips and Tricks As you all know SSH(Secure Shell) is a network protocol, which we use to access/transfer files securely between two networked devices. SSH was actually designed as a replacement for insecure protocols that sen…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question