How to create a restricted SSH user for port forwarding?
- by Lekensteyn
ændrük suggested a reverse connection for getting an easy SSH connection with someone else (for remote help). For that to work, an additional user is needed to accept the connection. This user needs to be able to forward his port through the server (the server acts as a proxy).
How do I create a restricted user that can do nothing more than what is described above?
The new user must not be able to:
- execute shell commands
- access files or upload files to the server
- use the server as a proxy (e.g. a web proxy)
- access local services which were otherwise not publicly accessible due to a firewall
- kill the server
Summarized, how do I create a restricted SSH user which is only able to connect to the SSH server without privileges, so I can connect through that connection with his computer?