
Secure tunnel without risks


The fastest recipe for building an SSH tunnel for port forwarding without the risk of file access through SFTP, which cannot be disabled:

# vi /etc/ssh/sshd_config
Match User sasha
    ChrootDirectory /home/sasha
    AllowTcpForwarding yes
    X11Forwarding no
# /etc/init.d/sshd reload
# ldd /bin/bash
linux-vdso.so.1 => (0x00007ffe7e902000)
libtinfo.so.5 => /lib64/libtinfo.so.5 (0x00007ff32946f000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007ff32926b000)
libc.so.6 => /lib64/libc.so.6 (0x00007ff328ed6000)
/lib64/ld-linux-x86-64.so.2 (0x00007ff32969a000)
# cd /home/sasha
# chown root:root /home/sasha   # sshd rejects a chroot that is not root-owned
# chmod 755 /home/sasha         # ...or that is writable by group or others
# mkdir {bin,dev,lib64}
# cp /bin/{bash,echo,sleep} ./bin/
# cp /lib64/{libtinfo.so.5,libdl.so.2,libc.so.6,ld-linux-x86-64.so.2} ./lib64/
# mkdir /home/sasha/dev/pts
# mount -t devpts devpts /home/sasha/dev/pts
# mknod -m 666 ./dev/tty c 5 0   # controlling terminal: major 5, minor 0
# vi ./bin/nosh
#!/bin/bash
/bin/echo -e "\r\n\033[32mSSH tunnel started, shell disabled by the system administrator\033[0m\r\n"
# Keep the session open so the forwarded ports stay up; there is no shell to fall back to.
while true; do
    /bin/sleep 1000
done
# chmod +x ./bin/nosh

Set /bin/nosh as the user's login shell with vipw. The path is resolved inside the chroot, so it refers to /home/sasha/bin/nosh.
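
A pre-flight check for the chroot built above, as an added example that is not part of the original post: it lists libraries that ldd reports but that are missing under the chroot, and tests the rule sshd applies to ChrootDirectory (every path component owned by root and not writable by group or others). The function names are illustrative, and `stat -c` assumes GNU coreutils or busybox.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks for the chroot.

# Print absolute library paths from `ldd` output on stdin. Handles both
# "name => /path (addr)" and "/path (addr)"; linux-vdso has no file and is skipped.
ldd_paths() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }'
}

# Print each path from stdin that does not exist below chroot directory $1.
missing_in_chroot() {
    root=${1%/}
    while IFS= read -r p; do
        [ -e "$root$p" ] || printf '%s\n' "$p"
    done
}

# sshd requires every component of the ChrootDirectory path to be owned by
# root and not writable by group or others. Returns 0 when $1 satisfies that.
chroot_path_ok() {
    dir=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    while :; do
        info=$(stat -c '%u %a' "$dir") || return 1   # owner uid, octal mode
        uid=${info% *}; mode=${info#* }
        if [ "$uid" -ne 0 ] || [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "bad owner or mode: $dir (uid=$uid mode=$mode)" >&2
            return 1
        fi
        [ "$dir" = / ] && return 0
        dir=$(dirname "$dir")
    done
}

# ldd output for /bin/bash as shown in the post, used as sample input.
SAMPLE_LDD='linux-vdso.so.1 => (0x00007ffe7e902000)
libtinfo.so.5 => /lib64/libtinfo.so.5 (0x00007ff32946f000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007ff32926b000)
libc.so.6 => /lib64/libc.so.6 (0x00007ff328ed6000)
/lib64/ld-linux-x86-64.so.2 (0x00007ff32969a000)'

# Demo on a scratch directory (constructed): only libc has been "copied".
demo=$(mktemp -d) && mkdir -p "$demo/lib64" && : > "$demo/lib64/libc.so.6"
printf '%s\n' "$SAMPLE_LDD" | ldd_paths | missing_in_chroot "$demo"
chroot_path_ok "$demo" || echo "fix with: chown root:root DIR; chmod 755 DIR"
rm -rf "$demo"
```

On the real host, feed it live output instead of the sample: `ldd /bin/bash | ldd_paths | missing_in_chroot /home/sasha`, then `chroot_path_ok /home/sasha`.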


Published in Administration