SSH is, among other things, a secure way to proxy your traffic, browse the web, or reach a remote service that a firewall blocks. If we want someone else to have that access, or to proxy their traffic securely, we need to give them a user account with SSH-only access to our SSH server. The solution described below is not best practice, but it is secure and fast to implement.
- Create a user, set the home folder, and set the preferred shell (rbash, or nologin if you want the user to use keys rather than a password).
- Give it a password.
- Append an empty PATH variable to the end of the .profile file, so that even if the user logs in, they can't do anything other than... just log in!
- Remove write permissions from the home directory.
- Remove write permissions from .bash_logout, .profile and .bashrc.
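```sh
# Run as root: create the user with a home folder and restricted shell, then set a password
useradd sshtunnel -m -d /home/nameoftheuser -s /bin/rbash
passwd sshtunnel
# Empty PATH at the end of .profile, then remove write permissions
echo "PATH=\"\"" >> /home/nameoftheuser/.profile
chmod 555 /home/nameoftheuser/
cd /home/nameoftheuser/ && chmod 444 .bash_logout .bashrc .profile
```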
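
A check for the result of the steps above, as an added example that is not part of the original post: for a given home directory it verifies the login shell, the write bits on the directory and startup files, and the trailing empty PATH. The function names, the arguments and the ownership warning are assumptions of this example.

```shell
# Added example, not from the original post: audit a tunnel-only account.
# Usage (as root): audit_tunnel_account /home/nameoftheuser /bin/rbash sshtunnel
# Returns 0 when every check passes, 1 otherwise; findings go to stdout.

has_write_bit() {  # true if owner, group or other may write to $1
    [ -n "$(find "$1" -prune \( -perm -200 -o -perm -020 -o -perm -002 \) -print)" ]
}

owned_by() {  # true if $1 is owned by account name $2
    [ "$(ls -ld "$1" | awk '{print $3}')" = "$2" ]
}

audit_tunnel_account() {
    home=$1 shell=$2 account=$3 rc=0

    case "$shell" in
        */rbash|*/nologin) ;;
        *) echo "FAIL shell '$shell' is neither rbash nor nologin"; rc=1 ;;
    esac

    for f in "$home" "$home/.bash_logout" "$home/.bashrc" "$home/.profile"; do
        [ -e "$f" ] || { echo "FAIL $f is missing"; rc=1; continue; }
        if has_write_bit "$f"; then echo "FAIL $f is writable"; rc=1; fi
        # Assumption beyond the page: mode bits do not bind a file's owner,
        # who may change them, so ownership by the account is flagged.
        if owned_by "$f" "$account"; then
            echo "WARN $f is owned by $account; consider root ownership"
        fi
    done

    # The last PATH assignment in .profile wins; it must be empty.
    last=$(grep -E '^[[:space:]]*(export[[:space:]]+)?PATH=' "$home/.profile" \
        2>/dev/null | tail -n 1) || true
    case "$last" in
        *'PATH=""'|*"PATH=''"|*'PATH=') ;;
        *) echo "FAIL .profile has no trailing empty PATH (last: ${last:-none})"; rc=1 ;;
    esac

    return "$rc"
}
```

Warnings do not change the return code, so an account built exactly as in the steps above passes while still showing the ownership note.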