Date: Fri, 12 Apr 2002 08:07:49 -0700 From: Glenn Trewitt <glenn@trewitt.org> To: Rasputin <rasputin@shikima.mine.nu> Cc: stable@FreeBSD.ORG Subject: Re: port forward only account? Message-ID: <3CB6F846.B70FE562@trewitt.org> References: <20020412151758.A21613@shikima.mine.nu>
next in thread | previous in thread | raw e-mail | index | archive | help
You don't need to have a shell for SSH to do port forwarding. i.e.,
/sbin/nologin will do.
This doesn't help with restricting IPs, but you can do that in
sshd_config
- Glenn Trewitt
Rasputin wrote:
> Bit of an odd one this - I have users I want to allow to
> ssh port forward to localhost on his box from certain IPs, but
> not to have a shell.
>
> What's a suitable shell? It should be able to hold a session open,
> but not do anything else.
>
> First thought is something like:
>
> fwder:*:1002:1002:SSH port forwarder:/home/fwder:/usr/games/worms
> --
> Rasputin :: Jack of All Trades - Master of Nuns ::
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3CB6F846.B70FE562>