On Sunday 06 August 2006 18:45, fire-eyes wrote: > I would like to give a user an account, however with zero shell abilities. > What I am looking to do is give them the ability to set up a SOCKS proxy > tunnel over SSH, which is done with the -D flag. > > I have tried setting the shell to nologin or false, no go. I am not > interested in setting up a chroot jail for this user. > > Any ideas?
You want the little known extra features of authorized_keys. Add command="/usr/bin/sleep",no-pty to the same line as the users key, before the key itself, i.e. command="/usr/bin/sleep",no-pty ssh-rsa AAAA...== [EMAIL PROTECTED] When the user logs in the command will be run, regardless of what the user asks for, and they'll get no pty so couldn't issue any commands interactively anyway. Remember, however long you set sleep to sleep is how long the session will remain open. 2 other options for authorized_keys I know of are no-port-forwarding and no-X11-forwarding. -- Mike Williams -- [email protected] mailing list
