* On 2020 15 Sep 13:54 -0500, Fabrice BAUZAC-STEHLY wrote: > To restrict what an SSH account can do, you can use the command="..." > setting in the autorized_keys file. It is documented in sshd(8). I use > it specifically to restrain the possible actions that can be done with > that private key. As the command, you can use any program or script > that can check the arguments and perform the requested action, without > allowing any unforeseen action. This proved to be easiest so far. Once I had the tunnel set up I prefixed the key with 'command="/usr/sbin/nologin"' which gives a failure message when a typical 'ssh user@server' command is issued from the remote computer. Thanks! - Nate -- "The optimist proclaims that we live in the best of all possible worlds. The pessimist fears this is true." Web: https://www.n0nb.us Projects: https://github.com/N0NB GPG fingerprint: 82D6 4F6B 0E67 CD41 F689 BBA6 FB2C 5130 D55A 8819
Attachment:
signature.asc
Description: PGP signature