How to configure a ssh-server for user and password less port forwarding ?

Balbir Singh
Balbir Singh used Ask the Experts™
on
I test that we can configure a ssh server to let a specific user, say 'demo' to login without any password with below configuration

PasswordAuthentication yes
PermitEmptyPasswords yes

Open in new window


I have also configured this user to have no access to shell and change shell in /etc/passwd to
/usr/sbin/nologin 

Open in new window

for user demo. I would like to understand security concern while I have this config in place. I simply want to use this user for port forwarding purpose and also I do not want to use public/private key for this purpose.

Or is there a way that I can have a ssh-server configured to use port forwarding and ssh client need not to use any user or password?

Best Regards
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Distinguished Expert 2017
Commented:
once a use is on the system, they only need to exploit a vulnerability. They have access to info to potentially see what accounts exist more /etc/passwd.
List /home to see possible username's.
They may also have access to your entire lan and any vulnerabilities you might have in the environment.

Consider an office building. An individual having absolutely no access versus an individual who is granted access to the lobby.
The one with access to the lobby can exploit the weaker security, possible neglect of others who might leave doors unlocked.


Commonly, servers on your lan exposed to the Internet shoukd use additional, more secure ... Beyond password but additional sevurity option, mta, etc.

What is this server's function.
If you want it to be "passwordless", you should be forcing the user to use ssh keys.  Setting no password is asking for trouble.  While you have it set to nologin, any user can ssh and run commands remotely.  You don't need to log in to run commands.  You are not secure in this manner.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial