I need/desire to set up a userID for an SSH tunnel, but not allow said user to have a login to the server.

For the user to set up the tunnel with:

    ssh -p 1234 -L 8080:192.168.1.4:80 george@gateway.foo.com

Where george would use a password instead of a stored SSH key, could george be created with:

    useradd -s /sbin/nologin -c "George" george
    passwd george

thanks

I think you are correct that that would create an account that George would not be able to log into.

> On Jan 18, 2016, at 5:04 PM, Robert Moskowitz <rgm at htt-consult.com> wrote:
>
> I need/desire to set up a userID for an SSH tunnel, but not allow said user to have a login to the server.
>
> For the user to set up the tunnel with:
>
> ssh -p 1234 -L 8080:192.168.1.4:80 george@gateway.foo.com
>
> Where george would use a password instead of a stored SSH key, could george be created with:
>
> useradd -s /sbin/nologin -c "George" george
>
> passwd george
>
> thanks

On 01/18/2016 03:04 PM, Robert Moskowitz wrote:
> I need/desire to set up a userID for an SSH tunnel, but not allow said
> user to have a login to the server.

The user needs to be able to log in to a shell that does nothing interactively. You might be able to set the shell to /usr/bin/cat...

On 19 Jan 2016 05:32, "Gordon Messmer" <gordon.messmer at gmail.com> wrote:
>
> On 01/18/2016 03:04 PM, Robert Moskowitz wrote:
>>
>> I need/desire to set up a userID for an SSH tunnel, but not allow said user to have a login to the server.
>
> The user needs to be able to log in to a shell that does nothing interactively. You might be able to set the shell to /usr/bin/cat...

Better still a force command that discards any attempted command by the user... Extra points if they attempt a command and "yelling" at them ;)

I'd also use at least a chroot in case they do manage to get interactive access.
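
The restrictions discussed in this thread (nologin shell, forced command, forwarding only), written as an sshd_config fragment. This is an added example, not from any poster in the thread; it assumes an OpenSSH release that supports PermitTTY and "AllowTcpForwarding local", and that the client adds -N so that no remote command or shell is requested.

```conf
# /etc/ssh/sshd_config fragment (added example; assumes the account "george"
# was created with shell /sbin/nologin as in the original post).
# Match blocks go at the end of the file and apply until the next Match line.
Match User george
    # The thread asks for a password login instead of a stored key.
    PasswordAuthentication yes

    # Allow only client-side (-L) forwards, and only to the single
    # destination used in the thread's ssh command.
    AllowTcpForwarding local
    PermitOpen 192.168.1.4:80

    # Whatever command the client requests, run this instead.
    ForceCommand /sbin/nologin

    # No terminal and no other forwarding channel types.
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    PermitTunnel no

# Validate the file before reloading sshd:
#   sshd -t
# Client side (forward only, no remote command):
#   ssh -N -p 1234 -L 8080:192.168.1.4:80 george@gateway.foo.com
```

Without the PermitOpen line, a forwarding-only account can still open connections to any host and port the gateway itself can reach, so the nologin shell alone does not limit where the tunnel goes.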