Create a custom sshd config file
cp /etc/ssh/sshd_config /etc/ssh/sshd_config_custom
Options changed in the sshd_config_custom file:
Port 4321
PermitRootLogin no
AllowUsers theusername
With this configuration file, only theusername can connect to the ssh daemon on port 4321.
Run the sshd daemon
/usr/lib/ssh/sshd -f /etc/ssh/sshd_config_custom
Change the shell from /bin/sh to /usr/bin/false in the passwd file
vi /etc/passwd
theusername:x:404:808::/homefolder:/bin/sh
theusername:x:404:808::/homefolder:/usr/bin/false
If you do not have a false shell, create a read-only shell.
vi /usr/bin/dummyshell
Add the two lines below
#!/bin/bash
bash -r -c read
Make it executable
chmod a+x /usr/bin/dummyshell
From the remote computer:
The user has to use the -N option of the ssh command.
-N
Does not execute a remote command. This is useful if you
just want to forward ports (protocol version 2 only).
For port forwarding from another system
ssh -N theusername@ipadressoftheserver -L 9999:127.0.0.1:9999 -p 4321
-p gives the ssh port that was changed in sshd_config_custom
Now the user cannot run any command on the server but can forward port 9999 from the server to their computer.
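To check that a server really matches the setup described above, the following script audits an sshd config file and a passwd file for the three settings this post relies on. It is an added example, not part of the original post; the function names and the sample files it writes are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). All sample data below is constructed.

# effective_opt FILE KEYWORD: print the value sshd would use for KEYWORD.
# Keywords are case-insensitive and the first occurrence wins.
effective_opt() {
    awk -v k="$2" 'tolower($1) == tolower(k) { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# login_shell PASSWD USER: print field 7 (the shell) of USER's passwd entry.
login_shell() {
    awk -F: -v u="$2" '$1 == u { print $7; exit }' "$1"
}

# audit CONFIG PASSWD USER: print findings; exit status is the failure count.
audit() {
    cfg=$1; pw=$2; user=$3; fails=0
    if [ "$(effective_opt "$cfg" PermitRootLogin)" != "no" ]; then
        echo "FAIL: PermitRootLogin is not 'no'"; fails=$((fails + 1))
    fi
    case " $(effective_opt "$cfg" AllowUsers) " in
        *" $user "*) ;;
        *) echo "FAIL: AllowUsers does not list $user"; fails=$((fails + 1)) ;;
    esac
    case "$(login_shell "$pw" "$user")" in
        /usr/bin/false|/bin/false|/usr/bin/dummyshell) ;;
        *) echo "FAIL: $user can still get a command shell"; fails=$((fails + 1)) ;;
    esac
    return "$fails"
}

# make_samples DIR: write constructed config and passwd files for the demo.
make_samples() {
    printf 'Port 4321\nPermitRootLogin no\nAllowUsers theusername\n' > "$1/sshd_good"
    printf '#PermitRootLogin no\nPermitRootLogin yes\nAllowUsers admin\n' > "$1/sshd_bad"
    echo 'theusername:x:404:808::/homefolder:/usr/bin/false' > "$1/passwd_good"
    echo 'theusername:x:404:808::/homefolder:/bin/sh' > "$1/passwd_bad"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
audit "$demo_dir/sshd_good" "$demo_dir/passwd_good" theusername && echo "good setup: OK"
audit "$demo_dir/sshd_bad" "$demo_dir/passwd_bad" theusername || echo "bad setup: $? finding(s)"
rm -rf "$demo_dir"
```

On a real server, call audit with the custom config file, /etc/passwd and the restricted user's name.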