SSH Tunnel for butty - (user without permissions for anything else)

pamamolf · 04-09-2015, 08:55 PM

Hello

I am using as root on Centos 6.6 tunneling and i am connecting to it using putty and socks on my Firefox and all working great..

Now i want to create another user to be able to use also tunnel but without any permissions for anything else in the server...

Any ideas how can i do it?Any easy way for this?

Can't find a Centos 6.x working tutorial

I found only for Ubuntu....google searching...

Thanks

unSpawn · 04-11-2015, 09:10 AM

Quote:

Originally Posted by pamamolf

I am using as root on Centos 6.6 tunneling

You should not (need to) do that as root user: please use an unprivileged user account instead.

Quote:

Originally Posted by pamamolf

Now i want to create another user to be able to use also tunnel but without any permissions for anything else in the server...

Set this unprivileged users authorized_keys file entry to start with this stanza:

Code:

no-pty,no-agent-forwarding,no-X11-forwarding,command="/bin/false",permitopen="ipaddress:portnumber"

and see 'man sshd_config' and 'man ssh_config' for explanation.

pamamolf · 04-11-2015, 12:39 PM

Quote:

Set this unprivileged users authorized_keys file entry to start with this stanza:

Is it possible to not use authorized key and use plain user and password?And if yes then where i should add the:

Quote:

no-pty,no-agent-forwarding,no-X11-forwarding,command="/bin/false",permitopen="ipaddress

ortnumber"

At the moment i create a user:

Code:

useradd tunneluser
passwd tunneluser

and i create a group:

Code:

groupadd tunnel

then i add the user there:

Code:

useradd -G tunnel tunneluser

check that is ok:

Code:

id tunneluser
uid=502(tunneluser) gid=503(tunneluser) groups=503(tunneluser)

And now i don't know what to edit to fix the privileges...

unSpawn · 04-11-2015, 01:08 PM

Quote:

Originally Posted by pamamolf

Is it possible to not use authorized key and use plain user and password?

Yes but like using root for day to day tasks that's not a SSH Best Practice. Try to get accustomed to using ssh-agent or its Desktop Environment equivalent if loading keys bothers you.

Quote:

Originally Posted by pamamolf

i don't know what to edit to fix the privileges.

What privileges? Explain?

pamamolf · 04-11-2015, 02:26 PM

The user that i create is not root as you recommend me and also the group .....

Now i need to use this:

Code:

no-pty,no-agent-forwarding,no-X11-forwarding,command="/bin/false",permitopen="ipaddress:portnumber"

As it is the last step as you post above to make it work but i need some more instructions for this please....