One way is to edit the /etc/passwd file so that the shell it tries to use is something like "/bin/false" or "/bin/nothing"
e.g. sshtunnel:x:12941:12941::/home/sshtunnel:/bin/nothing
so that when the user logs in no shell is generated, in the former case, or it does nothing (the thread blocks I believe) in the latter case. I can probably email you the /bin/nothing file as I don't think it's a standard file...

I don't know if this prevents scp access however? - let me know if it does...

> The user fwd is on an ssh1 client and can only use password
> authentication (I cannot control that user's access method).
> I have restricted access to just these two users and enabled
> forwarding and that works quite well, but I'm stuck on how to
> limit the access for fwd. Do I need to write a custom shell
> for that user? I can do that, but I don't know what command to allow.

I don't think the custom shell (like /bin/nothing) needs to allow any commands as the forwarding is done independently of the shell...

If you want to cron the ssh tunnels then I would recommend using RSA keys with no pass-phrase set.

Hugh
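An added example, not part of the original message: a check that accounts meant only for tunnelling have a non-interactive login shell in a passwd-format file. The function name `audit_tunnel_shells`, the `NOSHELLS` list and the sample entries other than the `sshtunnel` line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check that tunnel-only accounts cannot get an interactive shell.
# Login shells accepted as "no interactive login". Assumption: site policy;
# /bin/nothing is the custom no-op shell mentioned in the message.
NOSHELLS="/bin/false /bin/nothing /sbin/nologin /usr/sbin/nologin"

# audit_tunnel_shells PASSWD_FILE USER...
# Prints "user:shell:verdict" per user; returns 1 unless every verdict is OK.
audit_tunnel_shells() {
    passwd_file=$1; shift
    rc=0
    for user in "$@"; do
        # Exact match on field 1 so "fwd" does not also match "fwd2".
        entry=$(awk -F: -v u="$user" '$1 == u { print; exit }' "$passwd_file")
        if [ -z "$entry" ]; then
            echo "$user::MISSING"; rc=1; continue
        fi
        # Field 7 is the login shell; an empty field means /bin/sh (passwd(5)).
        shell=$(printf '%s\n' "$entry" | cut -d: -f7)
        if [ -z "$shell" ]; then shell=/bin/sh; fi
        verdict=INTERACTIVE
        for s in $NOSHELLS; do
            if [ "$shell" = "$s" ]; then verdict=OK; fi
        done
        if [ "$verdict" != OK ]; then rc=1; fi
        echo "$user:$shell:$verdict"
    done
    return "$rc"
}

# Constructed sample entries (the first is the line from the message; the
# others are made up for illustration).
SAMPLE_PASSWD=$(mktemp)
trap 'rm -f "$SAMPLE_PASSWD"' EXIT
cat > "$SAMPLE_PASSWD" <<'EOF'
sshtunnel:x:12941:12941::/home/sshtunnel:/bin/nothing
fwd:x:12942:12942::/home/fwd:/bin/bash
fwd2:x:12943:12943::/home/fwd2:
EOF

audit_tunnel_shells "$SAMPLE_PASSWD" sshtunnel fwd fwd2 nosuchuser ||
    echo "at least one tunnel account can still get a shell" >&2
```

The empty-shell case is the one most easily missed: an entry with nothing in field 7 still gets /bin/sh at login.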
