How to create a restricted SSH user for port forwarding?

Posted by Lekensteyn on Ask Ubuntu See other posts from Ask Ubuntu or by Lekensteyn
Published on 2011-06-10T20:04:12Z Indexed on 2012/08/28 15:51 UTC
Read the original article Hit count: 262

Filed under:
|
|

ændrük suggested a reverse connection for getting an easy SSH connection with someone else (for remote help). For that to work, an additional user is needed to accept the connection. This user needs to be able to forward his port through the server (the server acts as proxy).

How do I create a restricted user that can do nothing more than the above described?

The new user must not be able to:

  • execute shell commands
  • access files or upload files to the server
  • use the server as proxy (e.g. webproxy)
  • access local services which were otherwise not publicly accessible due to a firewall
  • kill the server

Summarized, how do I create a restricted SSH user which is only able to connect to the SSH server without privileges, so I can connect through that connection with his computer?

© Ask Ubuntu or respective owner

Related posts about ssh

Related posts about security