Try ForceCommand in a Match block. In the Match block you can also use
ChrootDirectory. See man sshd_config, search for Match.

Good luck,
Philipp

> -----Original Message-----
> From: listbounce@xxxxxxxxxxxxxxxxx
> [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Bill Eldridge
> Sent: Thursday, May 07, 2009 8:38 PM
> To: secureshell@xxxxxxxxxxxxxxxxx
> Subject: sshd port forwarding with no shell? chroot/jail?
>
>
> OpenSSH_5.1p1 Debian-3ubuntu1, OpenSSL 0.9.8g 19 Oct 2007
>
> I'd like to allow a client with an authorized key
> to start port forwarding on a server to his machine
> without actually needing to log in or do anything
> on the machine, or more I'd prefer there be no
> access except starting the forwarding when the
> client demands it.
>
> I tried just setting up the chroot with no files
> copied into the chrooted tree, just the auth keys
> (actually those seem to work fine even outside
> the chroot). Is there an option to let the port
> forwarding/tunnel start up without anything else?
> Is there a minimum of system files I still have to
> copy into the chroot?
>
> Additionally, I tried 'permitopen "host:port"....' specifying the
> client side doing a remote port forward, but doesn't have any effect.
> Any way to specify an allowed IP:port for a remote
> tunnel, or this is only good for local -L tunnels?
>
> Thanks.
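
A sketch of the Match-block setup suggested in the reply, added here as an example and not taken from either poster's configuration. The account name `tunnel`, the chroot path, the forward target `127.0.0.1:5432` and the key material are hypothetical placeholders.

```conf
# --- /etc/ssh/sshd_config (fragment) ---------------------------------
# Applies only to the hypothetical forwarding-only account "tunnel".
Match User tunnel
    # Replaces any shell or command the client requests, so an
    # interactive login attempt ends immediately. A client started
    # with "ssh -N" opens no session and is unaffected.
    ForceCommand /bin/false

    AllowTcpForwarding yes
    X11Forwarding no

    # Restricts where local (-L) forwards may connect. It does not
    # restrict the listeners created by remote (-R) forwards.
    PermitOpen 127.0.0.1:5432

    # Optional. Every component of this path must be a root-owned
    # directory that is not writable by any other user or group.
    ChrootDirectory /var/empty/tunnel

# --- ~tunnel/.ssh/authorized_keys (one line per key) -----------------
# Per-key options give the same restrictions for a single key.
# KEY_PLACEHOLDER stands in for the client's real public key.
no-pty,no-X11-forwarding,no-agent-forwarding,command="/bin/false",permitopen="127.0.0.1:5432" ssh-rsa KEY_PLACEHOLDER tunnel@client

# --- client side (server.example is a placeholder host) --------------
# ssh -N -L 5432:127.0.0.1:5432 tunnel@server.example
```

Running `sshd -t` after editing checks the file for syntax errors before the daemon is reloaded.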