A. Khattri wrote:
On Sun, 6 Aug 2006, Mike Williams wrote:
On Sunday 06 August 2006 18:45, fire-eyes wrote:
I would like to give a user an account, however with zero shell abilities.
What I am looking to do is give them the ability to set up a SOCKS proxy
tunnel over SSH, which is done with the -D flag.
I have tried setting the shell to nologin or false, no go. I am not
interested in setting up a chroot jail for this user.
Any ideas?
You want the little known extra features of authorized_keys.
Add command="/usr/bin/sleep",no-pty to the same line as the users key, before
the key itself, i.e.
command="/usr/bin/sleep",no-pty ssh-rsa AAAA...== [EMAIL PROTECTED]
When the user logs in the command will be run, regardless of what the user
asks for, and they'll get no pty so couldn't issue any commands interactively
anyway.
Remember, however long you set sleep to sleep is how long the session will
remain open.
2 other options for authorized_keys I know of are no-port-forwarding and
no-X11-forwarding.
Or you can just use rssh as the login shell...
Tried that, but i couldn't figure out the configuration and it was quite
confusing. The above trick worked fine.
--
[email protected] mailing list
