@JerryPreissler
Created September 10, 2013 07:42
ssh tunnel without login shell
The problem: provide a user that can tunnel to a given host via ssh, but not log in or copy files from the host
Solution:
1. Create user with adduser
2. Set shell for user to /bin/rbash (restricted shell, caution: this does not provide sufficient security by itself)
3. In the user's home directory, edit .profile: set PATH to the home directory only
4. Create <userhome>/.ssh/authorized_keys, chown -R user:user .ssh, chmod -R go-rwx .ssh
5. Insert the user's ssh public key into authorized_keys
6. Set ssh permissions for this key in authorized_keys (see 'man authorized_keys' for details)
Sample entry:
command="echo 'press <enter> to exit'; read a; exit" ssh-rsa AAA[..]4BH user@email
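
Added example, not part of the original gist: steps 4 to 6 as a script that builds the key entry with the authorized_keys options restrict, port-forwarding and permitopen in front of the forced command, so the key can only forward to the one given host and port. The target db.internal.example:5432 and the function names tunnel_entry and install_entry are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Host, port and function names are constructed for illustration.

# Forced command copied from the sample entry above.
FORCED_CMD="echo 'press <enter> to exit'; read a; exit"

# tunnel_entry HOST PORT PUBKEY -> prints one authorized_keys line.
# restrict (OpenSSH 7.2+) disables pty, agent, X11 and all forwarding;
# port-forwarding re-enables forwarding, and permitopen limits ssh -L
# destinations to HOST:PORT.
tunnel_entry() {
    host=$1 port=$2 pubkey=$3
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    # Hostname or IPv4 only: a quote or comma here would inject extra options.
    case $host in
        ''|*[!A-Za-z0-9.-]*) echo "bad host: $host" >&2; return 1 ;;
    esac
    printf 'restrict,port-forwarding,permitopen="%s:%s",command="%s" %s\n' \
        "$host" "$port" "$FORCED_CMD" "$pubkey"
}

# install_entry HOMEDIR ENTRY -> step 4: append the entry, drop group/other access.
install_entry() {
    sshdir=$1/.ssh
    mkdir -p "$sshdir" || return 1
    printf '%s\n' "$2" >> "$sshdir/authorized_keys" || return 1
    chmod -R go-rwx "$sshdir"
    # When run as root, follow with: chown -R user:user "$sshdir"
}

# Demo: print the entry for a constructed target; the key is the gist's placeholder.
tunnel_entry db.internal.example 5432 'ssh-rsa AAA[..]4BH user@email'
```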