Try ForceCommand in a Match block. In the Match block you can also use ChrootDirectory.
See man sshd_config, search for Match.

Good luck,
Philipp

> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Bill Eldridge
> Sent: Thursday, May 07, 2009 8:38 PM
> To: [email protected]
> Subject: sshd port forwarding with no shell? chroot/jail?
>
>
> OpenSSH_5.1p1 Debian-3ubuntu1, OpenSSL 0.9.8g 19 Oct 2007
>
> I'd like to allow a client with an authorized key
> to start port forwarding on a server to his machine
> without actually needing to log in or do anything
> on the machine, or more I'd prefer there be no
> access except starting the forwarding when the
> client demands it.
>
> I tried just setting up the chroot with no files
> copied into the chrooted tree, just the auth keys
> (actually those seem to work fine even outside
> the chroot). Is there an option to let the port
> forwarding/tunnel start up without anything else?
> Is there a minimum of system files I still have to
> copy into the chroot?
>
> Additionally, I tried 'permitopen "host:port"....' specifying the
> client side doing a remote port forward, but doesn't have any effect.
> Any way to specify an allowed IP:port for a remote
> tunnel, or this is only good for local -L tunnels?
>
> Thanks.
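
The suggestion in the reply above, written out as an sshd_config fragment. This is an added example, not part of the original messages; the account name `tunnel`, the chroot path `/var/jail/tunnel` and the `PermitOpen` target are assumptions chosen for illustration.

```conf
# /etc/ssh/sshd_config (fragment) -- added example, values are hypothetical

# Global defaults stay as they are; the restrictions below apply only to
# the forwarding-only account.
Match User tunnel
    # Replaces whatever command or shell the client asks for. ForceCommand
    # is invoked through the user's login shell, so inside an empty chroot
    # a session request cannot start anything.
    ForceCommand /bin/false

    # Every component of this path must be a root-owned directory that is
    # not writable by any other user or group, or sshd refuses the login.
    ChrootDirectory /var/jail/tunnel

    # Forwarding is the one thing this account is allowed to do.
    AllowTcpForwarding yes
    X11Forwarding no

    # Remote (-R) listeners bind to the server's loopback address only.
    GatewayPorts no

    # PermitOpen limits the destinations of local (-L) forwards only;
    # it does not constrain the ports a client may request with -R.
    PermitOpen 127.0.0.1:5432
```

Check the file with `sshd -t` before reloading the daemon. The client connects with `ssh -N` plus its `-L`/`-R` options, so no session is requested and only the forwarding channels are opened.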
