LinuxQuestions.org
Old 04-10-2009, 02:32 PM   #1
kien23
LQ Newbie
 
Registered: Apr 2009
Posts: 2

Rep: Reputation: Disabled
How to create a new user that can log in via SSH only and can't do anything else?


Hello, I'm new to the forum and wish to ask a question.

I'm using Putty to connect to my server.

My question is
How can I limit a user so that he can only log in to the server using SSH?
After the user logs in, he cannot perform any command (e.g. top, free, cd, ls, users and others).

Thanks for the help ^^
 
Old 04-10-2009, 02:33 PM   #2
i92guboj
Gentoo support team
 
Registered: May 2008
Location: Lucena, Córdoba (Spain)
Distribution: Gentoo
Posts: 4,072

Rep: Reputation: 384
If you want to restrict the environment for that user, the easiest way is to use a chroot jail.

http://www.google.com/search?ie=UTF-...sh+chroot+jail
 
Old 04-10-2009, 02:34 PM   #3
corbintechboy
Member
 
Registered: Sep 2003
Location: Kentucky
Posts: 480
Blog Entries: 1

Rep: Reputation: 51
Quote:
Originally Posted by kien23
Hello, I'm new to the forum and wish to ask a question.

I'm using Putty to connect to my server.

My question is
How can I limit a user so that he can only log in to the server using SSH?
After the user logs in, he cannot perform any command (e.g. top, free, cd, ls, users and others).

Thanks for the help ^^
Seems it should be easy enough to create a group and specify what a user of that group can/can't do.
 
Old 04-10-2009, 08:57 PM   #4
zaithyn
LQ Newbie
 
Registered: Apr 2009
Posts: 6

Rep: Reputation: 0
Use NetInfo Manager to add a user. Copy an existing GUI account, and change the values associated with it.
 
Old 04-12-2009, 07:58 PM   #5
maresmasb
Member
 
Registered: Apr 2009
Posts: 108

Rep: Reputation: 24
If the given user is not supposed to use the cd and ls programs, then he/she will be limited to a single directory without the ability to see what files are available. So the question actually is - what is the user supposed to do with such a login? If it's only about launching some script once in a while or reading a specific file, then you're better off providing a web interface with a PHP or Perl script to launch a task or view a file. Then you don't have to deal with all the hassles of chroot jails and permissions.

Last edited by Tinkster; 10-30-2010 at 03:35 PM.
 
Old 04-13-2009, 03:00 AM   #6
kien23
LQ Newbie
 
Registered: Apr 2009
Posts: 2

Original Poster
Rep: Reputation: Disabled
The user is only given permission to access the server using SSH, but not FTP or any other method.
I need the user to log in and use the server as a proxy server.
So I must disallow the user from performing cd/ls commands due to the security issue ^^
 
Old 04-13-2009, 05:22 AM   #7
r3sistance
Senior Member
 
Registered: Mar 2004
Location: UK
Distribution: CentOS 6/7
Posts: 1,375

Rep: Reputation: 216
In other words you're setting up an account for the purposes of using a SOCKS 4 proxy over an SSH tunnel, I am guessing? Presumably with the task of bypassing some firewall in some location?

If you set the user's path up so they see no locations for binary files, that will "cut out" a lot of programs, including top, free and users. However, there are still ways they can get around it, and built-in functions of the shell like ls and cd will still work, but a chroot root takes care of the problem of them being able to see other users' data. Their ability to redefine $PATH is the only thing I can't think of how to block, since if they know how to do that they can redefine it to get back access to applications... However, despite all of this, the SSH server also includes SFTP; if you removed their ability to write to the directory (i.e. only allow them read permissions) then their abilities with SFTP should be made useless.

Last edited by r3sistance; 04-13-2009 at 05:24 AM.
 
Old 04-26-2009, 08:36 AM   #8
zaithyn
LQ Newbie
 
Registered: Apr 2009
Posts: 6

Rep: Reputation: 0
Note: You must use the absolute path to the shell, otherwise Terminal will say that an admin has set your shell to an invalid path, and then quit.

 
Old 04-26-2009, 10:55 AM   #9
emetib
Member
 
Registered: Feb 2003
Posts: 482

Rep: Reputation: 33
man rbash

You should be able to set up an SSH user on your proxy and change that user's shell to rbash in /etc/passwd.

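Added example (not part of any post in this thread): the tunnel-only account the original poster describes can be enforced in sshd_config instead of through the login shell, and the result audited. The account name `proxyuser`, the helper names and the sample settings are constructed for illustration; `PermitTTY` assumes OpenSSH 6.2 or later.

```shell
# Added example: tunnel-only SSH account. "proxyuser" is a placeholder name.

# Print the sshd_config block that limits one account to TCP forwarding.
tunnel_only_block() {
  cat <<EOF
Match User $1
    AllowTcpForwarding yes
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    PermitTunnel no
    ForceCommand /usr/sbin/nologin
EOF
}

# Audit effective settings (the lowercase "key value" lines printed by
# `sshd -T -C user=NAME`) read from stdin. Prints each deviation and
# returns 1 if the account could get a shell, a terminal or SFTP.
audit_tunnel_only() {
  awk '
    BEGIN {
      want["allowtcpforwarding"] = "yes"; want["permittty"] = "no"
      want["x11forwarding"] = "no"; want["allowagentforwarding"] = "no"
      want["permittunnel"] = "no"
    }
    { key = $1; $1 = ""; sub(/^ +/, ""); seen[key] = $0 }
    END {
      bad = 0
      for (k in want)
        if (seen[k] != want[k]) { print "FAIL " k "=" seen[k]; bad = 1 }
      # ForceCommand replaces any client command, including the sftp subsystem.
      if (seen["forcecommand"] !~ /(nologin|false)$/) {
        print "FAIL forcecommand=" seen["forcecommand"]; bad = 1
      }
      exit bad
    }'
}

# Constructed sample of effective settings, not output from a real server.
# $1 = permittty value, $2 = forcecommand value.
sample_effective_config() {
  printf '%s\n' 'allowtcpforwarding yes' "permittty $1" 'x11forwarding no' \
    'allowagentforwarding no' 'permittunnel no' "forcecommand $2"
}

# Demo: a default-like account fails the audit on two settings.
sample_effective_config yes none | audit_tunnel_only || echo "account is not tunnel-only"
```

With this block in place the client connects without requesting a command (`ssh -N -D 1080 proxyuser@server`, or PuTTY's "Don't start a shell or command at all" option), so the restriction does not depend on hiding `$PATH` or on rbash.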