LinuxQuestions.org
Old 09-30-2007, 05:18 AM   #1
assasukasse
Member
 
Registered: Mar 2006
Location: UK
Distribution: Debian, Ubuntu
Posts: 141

ssh tricks for http forwarding..


Hi everyone,
I have a PC at home running Linux and online 24/24.
I also have a friend that works in a company restricting his internet access.
Now I wish to give this friend the chance to see the whole internet using my PC as a gateway by ssh tunneling; however, I don't want to give him a shell account.
For my ssh I use RSA authentication, and it works wonderfully, but I have shell access. In order to make a user w/o shell access I did this:

#adduser --no-create-home --shell /bin/false httpssh

But when I try to redirect I get an error about the pubkey. How should I deal with that? Can I disable pubkey for ONLY this account? Or should I generate a pubkey for this account as well? And how should I do that?

Thank you very much
 
Old 09-30-2007, 05:54 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Quote:
Originally Posted by assasukasse
I also have a friend that works in a company restricting his internet access.
For generating keys see "man ssh-keygen". I need to warn you however that deliberate circumvention can have severe repercussions. Those network policies aren't in place w/o reason. Since you will allow your "friend" to use your system, any investigation will lead to you with no chance to cloak yourself (w/o performance drop) since we're talking TCP and you can certainly be held responsible in case damages arise. Think twice, I'd say.
 
Old 09-30-2007, 06:20 AM   #3
assasukasse
Member
 
Registered: Mar 2006
Location: UK
Distribution: Debian, Ubuntu
Posts: 141

Original Poster
unSpawn, my friend wants only to access his Gmail and guns&ammo forum.. nothing more than that..
I could even restrict him to only those two websites and it would be already good.
For generating keys, if I make an httpssh user on my computer,
he needs to generate a pubkey for the same user on his PC. If he uses Windows, no problem, he can use puttygen.
But in case he is on Linux, what should he do?
Make a user with that name? Generate the key, then remove the user?
Because I couldn't find in ssh-keygen a way to generate a key for a user that is not on the system.
 
Old 09-30-2007, 06:38 AM   #4
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

I would repeat what unSpawn said. Plus I would add that this is hacker stuff whatever your intention might be. That makes it illegal as well as breaking the employer's network policy. If you are in the United States you could go to prison for trying to do this.

And ... it is against the policies of this site to assist hackers.

Last edited by stress_junkie; 09-30-2007 at 06:41 AM.
 
Old 09-30-2007, 07:35 AM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Quote:
Originally Posted by assasukasse
my friend wants only to access his Gmail and guns&ammo forum..nothing more than that..
Then your "friend" should have no problem in the first place convincing management that private email and forum banter pose no threat to productivity or company security and getting paid for it is cool as well. As far as your username "problem": you're using GNU/Linux which means you already possess all the information you need to make it work and you can experiment freely. Coming up with a simple way to test using different usernames should not be hard.


Understand that when you signed up for a LQ account you agreed to adhere to the LQ Rules.
Unfortunately you have shown you don't mind the risks and don't understand your responsibilities.
Therefore please note that if you continue this thread it *will* be closed faster than you can 'ssh-keygen'.

Last edited by unSpawn; 09-30-2007 at 07:38 AM.
 
  

