So long as they are using keys you could put a command in front of the
key forcing only that action.
ex.
authorized_keys:
command="~/open_port.sh", ssh-rsa AAAAB3NzaC1yc2EAAAA...
Peters way seems to cut out some middle men, and might be better
security wise.
Cheers,
Michael
Peter Valdemar Mørch (Lists) wrote:
What I did was create /usr/bin/ports.pl that contains:
#!/usr/bin/perl -w
print "This account can only be used to forward ports\n";
<STDIN>;
and just that. For the user in question, set up his/her shell to be
/usr/bin/ports.pl (instead of /bin/bash or whatever). That way, when the
user logs in in, they cannot do anything other than type enter to exit.
Works for me, and is short enough that there aren't any security issues
with it. (Can anybody see any that I've missed?)
Peter
