LinuxQuestions.org


pamamolf 04-09-2015 08:55 PM

SSH Tunnel for putty - (user without permissions for anything else)
 
Hello

I am using tunneling as root on CentOS 6.6, and I am connecting to it using PuTTY and SOCKS in my Firefox, and it is all working great..

Now I want to create another user who is also able to use the tunnel, but without any permissions for anything else on the server...

Any ideas how I can do it? Any easy way for this?

Can't find a working CentOS 6.x tutorial :(
I found only ones for Ubuntu... Google searching...

Thanks

unSpawn 04-11-2015 09:10 AM

Quote:

Originally Posted by pamamolf (Post 5345193)
I am using tunneling as root on CentOS 6.6

You should not (need to) do that as root user: please use an unprivileged user account instead.


Quote:

Originally Posted by pamamolf (Post 5345193)
Now I want to create another user who is also able to use the tunnel, but without any permissions for anything else on the server...

Set this unprivileged user's authorized_keys file entry to start with this stanza:
Code:

no-pty,no-agent-forwarding,no-X11-forwarding,command="/bin/false",permitopen="ipaddress:portnumber"

and see 'man sshd_config' and 'man ssh_config' for explanation.

pamamolf 04-11-2015 12:39 PM

Quote:

Set this unprivileged user's authorized_keys file entry to start with this stanza:

Is it possible to not use an authorized key and use a plain user and password? And if yes, then where should I add the:

Quote:

no-pty,no-agent-forwarding,no-X11-forwarding,command="/bin/false",permitopen="ipaddress:portnumber"

At the moment I create a user:

Code:

useradd tunneluser
passwd tunneluser

and I create a group:
Code:

groupadd tunnel

then I add the user there:
Code:

useradd -G tunnel tunneluser

check that it is ok:
Code:

id tunneluser
uid=502(tunneluser) gid=503(tunneluser) groups=503(tunneluser)

And now I don't know what to edit to fix the privileges... :(

unSpawn 04-11-2015 01:08 PM

Quote:

Originally Posted by pamamolf (Post 5345875)
Is it possible to not use an authorized key and use a plain user and password?

Yes, but like using root for day-to-day tasks, that's not an SSH Best Practice. Try to get accustomed to using ssh-agent or its Desktop Environment equivalent if loading keys bothers you.


Quote:

Originally Posted by pamamolf (Post 5345875)
I don't know what to edit to fix the privileges.

What privileges? Explain?

pamamolf 04-11-2015 02:26 PM

The user that I create is not root, as you recommended to me, and also the group .....

Now I need to use this:

Code:

no-pty,no-agent-forwarding,no-X11-forwarding,command="/bin/false",permitopen="ipaddress:portnumber"

As it is the last step, as you posted above, to make it work, but I need some more instructions for this please....
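
The authorized_keys stanza from unSpawn's answer, applied to a single key entry, as an added example that is not part of the original thread. The function name `restrict_key`, the `127.0.0.1:3128` target and the file path in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. The function name, sample target and
# file path are constructed for illustration.

# Option stanza from the answer above; permitopen is appended per key.
OPTS='no-pty,no-agent-forwarding,no-X11-forwarding,command="/bin/false"'

# restrict_key <public-key-line> <host:port> <authorized_keys-path>
# Appends one forwarding-only entry; returns 1 on input it will not write.
restrict_key() {
    pubkey=$1 target=$2 file=$3

    # A bare public key line is "<type> <base64> [comment]". Only the first
    # line is read, so an embedded newline cannot smuggle in a second entry.
    read -r ktype blob comment <<EOF
$pubkey
EOF
    case $ktype in
        *[!A-Za-z0-9@.-]*) echo "key line already carries options" >&2; return 1 ;;
        ssh-*|ecdsa-sha2-*) ;;
        *) echo "not a public key line" >&2; return 1 ;;
    esac
    case $blob in ''|*[!A-Za-z0-9+/=]*) echo "bad key data" >&2; return 1 ;; esac

    # permitopen takes host:port (IPv6 literals are not handled here). A quote
    # or comma in the value would end the option and start a new one.
    host=${target%:*} port=${target##*:}
    case $target in *:*) ;; *) echo "target must be host:port" >&2; return 1 ;; esac
    case $host in ''|*[!A-Za-z0-9.-]*) echo "bad host" >&2; return 1 ;; esac
    case $port in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac

    # With StrictModes (the sshd default) a group- or world-writable ~/.ssh or
    # authorized_keys is ignored, so create both with owner-only permissions.
    dir=$(dirname "$file")
    ( umask 077
      mkdir -p "$dir" &&
      printf '%s,permitopen="%s" %s %s%s\n' \
          "$OPTS" "$target" "$ktype" "$blob" "${comment:+ $comment}" >>"$file"
    ) || return 1
    chmod 700 "$dir" && chmod 600 "$file"
}

# Usage, run as the tunnel user (path and target are examples):
#   restrict_key "$(cat id_rsa.pub)" 127.0.0.1:3128 "$HOME/.ssh/authorized_keys"
```

Because `command="/bin/false"` ends any session that asks for a shell, the client has to connect without one: `ssh -N`, or PuTTY's "Don't start a shell or command at all" option.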

