On Wed, 2002-08-14 at 11:34, Mike Dresser wrote:
> I've got a series of remote locations that I need to be able to connect to
> from head office.
>
> I need to be able to give a user the ability to ssh in, using port
> forwarding (such as through putty), to a machine inside the firewall at
> the remote location.
>
> So I load up putty, setup the forward, and it works and all.
>
> Here's the catch.. There's a shell running in the background. How do I
> do this, without leaving a shell running around where the "untrusted" user
> can access it?
>
> There's an option in ssh to not allocate a pseudo-terminal, but I don't
> trust the user not to change that. I need something server-side for that
> user login.

Edit your /etc/passwd file and instead of /bin/bash point it to a script
which you will create, say /usr/local/bin/dummyshell

Then, create the file /usr/local/bin/dummyshell which will contain

    #!/bin/sh
    echo "Press enter to close"
    read enterpressed

Run

    chmod +x /usr/local/bin/dummyshell

Now when your user logs in, he will just get that prompt.

Another possibility is to use normal port forwarding via ipchains or
iptables so that this intermediate step is not needed at all. You should
be able to find plenty of documentation on how to do it. If not, see this
list.

-Mark
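
Added example, not part of the original message: a small audit for the setup described above, checking that an account's login shell in a passwd file is the dummy script and that the script cannot be replaced by an unprivileged user. The function name check_dummyshell and its arguments are hypothetical; the owner defaults to root as an assumption.

```shell
#!/bin/sh
# Added example (not from the original post).
# check_dummyshell PASSWD_FILE USER SHELL_PATH [OWNER]
# Prints one finding per line; returns 0 if the account is confined, 1 if not.
check_dummyshell() {
    passwd_file=$1 user=$2 shell=$3 owner=${4:-root}
    rc=0

    # Field 7 of the passwd entry is the login shell sshd starts for the user.
    # An empty field means the system default shell, so treat it as a failure.
    actual=$(awk -F: -v u="$user" '$1 == u { print $7; exit }' "$passwd_file")
    if [ -z "$actual" ]; then
        echo "FAIL: no passwd entry or empty shell field for $user"; rc=1
    elif [ "$actual" != "$shell" ]; then
        echo "FAIL: $user has login shell $actual, expected $shell"; rc=1
    fi

    # The script must be a regular file the user can execute via the
    # group or other permission bits (it should not be owned by the user).
    if [ -z "$(find "$shell" -prune -type f \( -perm -010 -o -perm -001 \) 2>/dev/null)" ]; then
        echo "FAIL: $shell is missing or not executable by group/other"
        return 1
    fi
    # If the user could edit the script, they could turn it into a real shell.
    if [ -z "$(find "$shell" -prune -user "$owner")" ]; then
        echo "FAIL: $shell is not owned by $owner"; rc=1
    fi
    if [ -n "$(find "$shell" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "FAIL: $shell is group- or world-writable"; rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: $user is confined to $shell"
    fi
    return "$rc"
}
```

On a live system this would be called as check_dummyshell /etc/passwd USER /usr/local/bin/dummyshell, with USER standing in for the forwarding-only account.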