[SOLVED] How to create new user that can login SSH only and cant do other things else?
Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
How to create new user that can login SSH only and cant do other things else?
Hello, I'm new in the forum and which to ask some question.
I'm using Putty to connect to my server.
My question is
How can I eliminate user so that he can only login to the server using SSH?
After the user login, he cannot perform any command(eg: top, free, cd , ls, users and others).
Hello, I'm new in the forum and which to ask some question.
I'm using Putty to connect to my server.
My question is
How can I eliminate user so that he can only login to the server using SSH?
After the user login, he cannot perform any command(eg: top, free, cd , ls, users and others).
Thank for the helping ^^
Seems should be easy enough to create a group and specify what that user of that group can/can't do.
If the given user is not supposed to use the cd and ls programs, then he/she will be limited to a single directory without the ability to see what files are available. So the question actually is - what is the user suppossed to do with such a login? If it's only about launching some script once in a while or reading a specific file, then your better off providing a web interface with a PHP or Perl script to launch a task or view a file. Then you don't have to deal with all the hassles of chroot jails and permissions.
The user is only given permission to access the server using SSH but not FTP and other method else.
I ned the user to login and make use the server serve as a proxy server.
So I must disallow user to perform cd/ls command due to the security issue ^^
In other words your setting up an account for the purposes of using a socket 4 proxy over an SSH tunnel I am guessing? presumably with the task of bypassing some firewall in some location?
If you set the user's path up so they see no locations for binary files, that will "cut out" alot of programs, including top, free and users. However their are still ways they can get around it and built in functions of the shell like ls and cd will still work but a chroot root takes care of the problem of them being able to see other users data. Their ability to redefine $PATH is the only thing I can't think of how to block since if they know how to do that they can redefine it to get back access to applications... however despite all of this, the SSH server also included SFTP, if you removed their ability to write to the directory (ie only allow them read permissions) then their abilities with SFTP should be made useless.
Last edited by r3sistance; 04-13-2009 at 05:24 AM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
