Allow only certain users to log in via ssh
Authored by: david-bo on Oct 09, '03 12:01:04PM

Is it possible to allow a user to only open a tunnel, i.e., I want the user to not be able to use the shell?

Allow only certain users to log in via ssh
Authored by: pjw on Oct 09, '03 01:43:10PM

To prevent a user from having shell access, you need to set their login shell to something like /bin/nologin. Open up NetInfo.app and go to the user you want. Change their shell setting from /bin/bash or /bin/tcsh or whatever to /bin/nologin. You can probably also use the chsh command line utility like this:

chsh -s /bin/nologin username

Note: I haven't tested this under OS X and I don't know if it has any adverse effects when the user tries to log in locally. They may not be able to use Terminal.app. Give it a try and post here letting us know if it works for you.



Allow only certain users to log in via ssh
Authored by: nmthor1 on Oct 09, '03 07:32:45PM
It seems that users can log on locally, and in fact use the Terminal! The shell defaults to bash.
However, users cannot log on interactively via the console (i.e. using >console at the logon screen) nor via ssh.
-n

Allow certain users only to tunnel
Authored by: datasmid on Oct 27, '04 05:11:43PM

Add something like this before their key in ~/.ssh/authorized_keys2 to allow them a tunnel to this webserver. Beware that there are no spaces.

command="while true; do sleep 1000; done",no-pty,permit-open="web.example.intra:80"



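The following Python script is an added example, not part of the comments above or of OpenSSH. It parses the options field of each authorized_keys line and reports entries that lack any of the three restrictions from the last comment (command=, no-pty, permit-open=). The function names are this example's own, and the sample lines and key material are constructed placeholders.

```python
# Added example: flag authorized_keys entries lacking the tunnel-only options above.
KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")   # line begins with a key type: no options
REQUIRED = ("command", "no-pty", "permit-open")

def parse_options(line):
    """Return {option: [values]} for one line, or None for blanks and comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    opts, token, in_quotes, i = {}, [], False, 0
    end = 0 if line.startswith(KEY_PREFIXES) else len(line)
    def flush():
        key, _, value = "".join(token).partition("=")
        if key:
            opts.setdefault(key.lower(), []).append(value)
        token.clear()
    while i < end:
        ch = line[i]
        if in_quotes and line[i:i + 2] == '\\"':
            token.append('"')
            i += 1                       # escaped quote: skip the backslash too
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch == "," and not in_quotes:
            flush()
        elif ch in " \t" and not in_quotes:
            break                        # first unquoted space ends the options
        else:
            token.append(ch)
        i += 1
    flush()
    return opts

def audit(text):
    """Map 1-based line number -> list of REQUIRED options the entry lacks."""
    report = {}
    for n, line in enumerate(text.splitlines(), 1):
        opts = parse_options(line)
        missing = [o for o in REQUIRED if opts is not None and o not in opts]
        if missing:
            report[n] = missing
    return report

TUNNEL = 'command="while true; do sleep 1000; done",no-pty'
SAMPLE = "\n".join([                     # constructed lines with placeholder keys
    "# constructed sample",
    TUNNEL + ',permit-open="web.example.intra:80" ssh-rsa AAAAPLACEHOLDER tunnel@example',
    "ssh-rsa AAAAPLACEHOLDER admin@example",
    TUNNEL + ', permit-open="web.example.intra:80" ssh-rsa AAAAPLACEHOLDER typo@example',
])
```

Calling audit(SAMPLE) reports the unrestricted key on line 3 and the entry on line 4, where a stray space after no-pty cuts the options field short so permit-open is never read as an option.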