Single-Purpose SSH account, exclusively for Reverse Port Forwarding

Posted by drfloob on Server Fault See other posts from Server Fault or by drfloob
Published on 2010-04-02T23:20:34Z Indexed on 2010/04/02 23:23 UTC
Read the original article Hit count: 553

On my Debian system, I'd like to create a user that is only allowed to do a Reverse Port Forward from their machine to my server, but I'm not sure how to create a limited user specifically for this purpose.

For example, we'll call my server 'Sam' and my laptop 'Luke'. I'd like a user on Luke to be able to execute a reverse port forward ssh command to Sam, so that port 4321 on Sam is tunneled to port 4321 on Luke. For example:

ssh -fnR 4321:localhost:4321 -l limitedUser Sam

How can I create a user on Sam that is only allowed to execute this command?

© Server Fault or respective owner

Related posts about ssh

Related posts about port-forwarding