- 03-05-2012 #1
Securing SSH setup
Hello,
I just set up a server with SSH access. I made an account called "tunnel", and made a perl script saying this account is only intended for remote tunneling and nothing else. After that message, the user can press enter to close the terminal.
I logged into the account using FileZilla, with the SFTP protocol. And it logs in successfully, showing no directories, which is exactly what I want.
This account has no sudo access and it's used for logging in from non-trustable machines.
The question is: Is it enough to have an account without /bin/bash to avoid people doing anything with such account?
Also, when logging in, the system tries to cd into /home/tunnel. (Which doesn't work because I didn't create the folder in the first place). Is there any way to prevent the system from cd'ing into /home/tunnel when logging in with tunnel (but letting other users cd into their $HOME as usual)?
- 04-06-2012 #2 Just Joined!
- Join Date
- May 2011
- Location
- Central FL
- Posts
- 78
What is the login shell for the account set to? If you set it to be your perl script, what is to stop someone from logging in, killing (or backgrounding) the perl script, and then having a useful shell? It also depends on what type of security you mean by "avoid people doing anything". Depending on your configuration/settings, this user (as you've seen with your current settings) can still log in through SFTP and browse the filetree; they may be able to view other files on the system that you may not want them to be able to, etc.
Sure, change the user's $HOME (in /etc/passwd) to wherever you would like it to deposit the user when it logs in. Depending on the distribution (and what tools you used to create the user, whether you did it manually or through a script), it most likely just presumed that you would use /home/USERNAME as the $HOME.


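An added example, not part of the thread and not either poster's code: a shell function that audits the effective sshd settings for a tunnel-only account such as the "tunnel" user discussed above, reading text in the format printed by `sshd -T -C user=tunnel`. The two sample inputs are constructed, and the `/usr/sbin/nologin` path and the remote-only forwarding requirement are assumptions.

```shell
#!/bin/sh
# Added example: audit the effective sshd settings of a tunnel-only account.
# stdin: text in the format printed by `sshd -T -C user=tunnel`
#        (lowercase keyword, a space, then the value).
# Prints one line per finding; exit status is the number of findings.
#
# A Match block that would produce the hardened sample below (assumed
# values, the nologin path varies by distribution):
#   Match User tunnel
#       ForceCommand /usr/sbin/nologin
#       PermitTTY no
#       AllowTcpForwarding remote
#       AllowAgentForwarding no
audit_tunnel_account() {
    awk '
        NF { key = $1; $1 = ""; sub(/^ +/, ""); cfg[key] = $0 }
        END {
            n = 0
            # Treat a missing line and the value "none" both as unset.
            if (!("forcecommand" in cfg) || cfg["forcecommand"] == "none") {
                print "forcecommand: unset, shell and sftp requests are served"; n++ }
            if (cfg["permittty"] == "yes") {
                print "permittty: yes, an interactive terminal is allowed"; n++ }
            if (cfg["allowtcpforwarding"] ~ /^(yes|all)$/) {
                print "allowtcpforwarding: both directions are open"; n++ }
            if (cfg["allowagentforwarding"] == "yes") {
                print "allowagentforwarding: yes, not needed for tunnels"; n++ }
            if (cfg["x11forwarding"] == "yes") {
                print "x11forwarding: yes, not needed for tunnels"; n++ }
            exit n
        }'
}

# Constructed sample: account relying only on its login shell.
sample_default() {
    printf '%s\n' 'forcecommand none' 'permittty yes' \
        'allowtcpforwarding yes' 'allowagentforwarding yes' 'x11forwarding no'
}
# Constructed sample: output expected with the Match block above.
sample_hardened() {
    printf '%s\n' 'forcecommand /usr/sbin/nologin' 'permittty no' \
        'allowtcpforwarding remote' 'allowagentforwarding no' 'x11forwarding no'
}

sample_default  | audit_tunnel_account || echo "default:  $? finding(s)"
sample_hardened | audit_tunnel_account && echo "hardened: no findings"
```

With `ForceCommand` set, sshd runs that command for shell, command and subsystem requests alike, so the SFTP login described in the first post no longer gets a file listing while `ssh -N -R ...` tunnels keep working.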

