Latest LQ Deal: Linux Power User Bundle
Go Back > Forums > Linux Forums > Linux - Server
User Name
Linux - Server This forum is for the discussion of Linux Software used in a server related context.


  Search this Thread
Old 04-18-2009, 05:20 AM   #1
Senior Member
Registered: Mar 2004
Location: UK
Distribution: CentOS 6/7
Posts: 1,375

Rep: Reputation: 217Reputation: 217Reputation: 217
SSH Tunneling with no shell prompt

Just trying to set-up, I am trying to set-up my Xen VPSs so that people can VNC into them if something goes wrong, naturally I want to do this as to make the VNC sessions as secure as possible but do not really want to give people direct access to Domain0. So I was wondering if their is a way to enable ssh tunneling without granting them a shell prompt, /sbin/nologin just closes the session straight away.
Old 04-18-2009, 07:22 AM   #2
Registered: Apr 2009
Location: Lawrence, KS
Distribution: Debian, Centos
Posts: 102
Blog Entries: 1

Rep: Reputation: 24
The only way I know of to do that is to use ssh keys.

append this to the beginning of the keyline in your authorized_keys file
Quick rundown of keys ....

Generate keypair
* if you want customers to be able to use putty to create the tool you need to create a dsa key (at least I always have to)

Activate key
echo -n 'no-pty,no-X11-forwarding,no-agent-forwarding,command="" ' >> ~/.ssh/authorized_keys && cat ~/.ssh/ >> ~/.ssh/authorized_keys
Give the private key to your user and tell them how to use it.

Note: doing things this way there is really no way to restrict who uses what port or when so people could experience conflicts.

Also it could make for some interesting logs if you are being attacked via a tunneled connection. You may not pick it up, just something to think about.
Old 04-18-2009, 03:34 PM   #3
Senior Member
Registered: Mar 2004
Location: UK
Distribution: CentOS 6/7
Posts: 1,375

Original Poster
Rep: Reputation: 217Reputation: 217Reputation: 217
Ah, not a bad way, generally I am just looking at my options of methods or ways to do things at the minute, I want to create a new system for forwarding a shell from a VM in the case of something like a misconfigured network script. I think I might be able to make some scripts out of this, after all I doubt people will really need three hours after all so the accounts will be disabled if not needed so to speak anyway, just want to limit things down as much as possible.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
SSH Connects but no shell prompt Trd79 Linux - Server 5 08-01-2008 11:58 AM
help with ssh tunneling rafa_gallego Linux - Networking 1 01-22-2008 10:45 AM
How can I allow ssh tunneling but not a shell? Or equivelent... nomb Linux - Security 3 01-02-2008 09:18 AM
LXer: Shell tip: Set the shell prompt and themes in Linux Terminal LXer Syndicated Linux News 0 06-12-2007 03:02 AM
tunneling with ssh barbanero Linux - Security 2 01-24-2002 10:53 AM > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 02:56 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration