View previous topic :: View next topic |
Author |
Message |
maxx^hjb n00b
Joined: 19 Oct 2002 Posts: 8
|
Posted: Fri Oct 25, 2002 11:40 am Post subject: User Accounts for SSH-tunneling only |
|
|
Hi!
I want to setup an Account that does not have a real shell but being able to connect via SSH. What I want is that the user is only able to open SSH-Tunnels on certain ports and cannot do anything else.
Any suggestions?
mAXx |
|
Back to top |
|
|
BackSeat Apprentice
Joined: 12 Apr 2002 Posts: 242 Location: Reading, UK
|
Posted: Fri Oct 25, 2002 12:45 pm Post subject: |
|
|
Well, you could make the user's login shell a script file which only permits what you want the user to do, but you'd need to be careful that they can't break out of it.
BS |
|
Back to top |
|
|
maxx^hjb n00b
Joined: 19 Oct 2002 Posts: 8
|
Posted: Fri Oct 25, 2002 2:10 pm Post subject: |
|
|
well... a script, that just does nothing would make me happy. But how do I setup such a script? I already tried writing a script that ends up in an endless loop, but then the user dont gets authenticated when trying to log in. |
|
Back to top |
|
|
securiteaze Tux's lil' helper
Joined: 24 Oct 2002 Posts: 77 Location: Tulsa,Oklahoma
|
Posted: Mon Oct 28, 2002 3:01 am Post subject: |
|
|
I use /bin/true for similar operations. Verify it is in /etc/shells before assigning it to a user. _________________ Blah.. |
|
Back to top |
|
|
maxx^hjb n00b
Joined: 19 Oct 2002 Posts: 8
|
Posted: Mon Oct 28, 2002 12:20 pm Post subject: |
|
|
Well... /bin/true didnt make it for me, because the user gets disconnected after a successful connect. But /etc/shells was the hint I was looking for... I added my script, which is just an endless loop, and voila... everything works fine now.
Thanks!
mAXx |
|
Back to top |
|
|
securiteaze Tux's lil' helper
Joined: 24 Oct 2002 Posts: 77 Location: Tulsa,Oklahoma
|
Posted: Mon Oct 28, 2002 3:41 pm Post subject: |
|
|
Endless loop? Watch out for the endless loop using all your resources. _________________ Blah.. |
|
Back to top |
|
|
|