Secure tunnel without risks

Fastest recipe for building an SSH tunnel for port forwarding without the risk of file access through SFTP, which cannot be disabled.

# vi /etc/ssh/sshd_config
Match User sasha
ChrootDirectory /home/sasha
AllowTCPForwarding yes
X11Forwarding no
# /etc/init.d/sshd reload
# ldd /bin/bash
linux-vdso.so.1 => (0x00007ffe7e902000)
libtinfo.so.5 => /lib64/libtinfo.so.5 (0x00007ff32946f000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007ff32926b000)
libc.so.6 => /lib64/libc.so.6 (0x00007ff328ed6000)
/lib64/ld-linux-x86-64.so.2 (0x00007ff32969a000)
# cd /home/sasha
# mkdir {bin,dev,lib64}
# cp /bin/{bash,echo,sleep} ./bin/
# cp /lib64/{libtinfo.so.5,libdl.so.2,libc.so.6,ld-linux-x86-64.so.2} ./lib64/
# mkdir /home/sasha/dev/pts
# mount -t devpts devpts /home/sasha/dev/pts
# mknod -m 660 ./dev/tty c 4 64 # base address 0x3f8
# vi ./bin/nosh
#!/bin/bash
/bin/echo -e "\r\n\033[32mSSH tunnel started, shell disabled by the system administrator\r\n"
while [ true ] ; do
sleep 1000
done
exit 0
# chmod +x ./bin/nosh

/bin/nosh should be set as the user's shell via vipw.
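
The recipe runs ldd only on bash and copies those libraries by hand; the following is an added example (not part of the original post) that checks every library ldd reports is actually present under the chroot. The function names are assumptions made for illustration, and the sample input is the ldd output shown above.

```shell
# ldd output for /bin/bash, copied from the recipe above.
SAMPLE_LDD='linux-vdso.so.1 => (0x00007ffe7e902000)
libtinfo.so.5 => /lib64/libtinfo.so.5 (0x00007ff32946f000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007ff32926b000)
libc.so.6 => /lib64/libc.so.6 (0x00007ff328ed6000)
/lib64/ld-linux-x86-64.so.2 (0x00007ff32969a000)'

# ldd_paths: read ldd output on stdin, print one absolute path per library.
# The vDSO has no file on disk and is skipped; unresolved libraries are
# printed as "UNRESOLVED <name>" so they are not silently ignored.
ldd_paths() {
    awk '
        $2 == "=>" && $3 == "not" { print "UNRESOLVED " $1; next }
        $2 == "=>" && $3 ~ /^\//  { print $3; next }
        $1 ~ /^\//                { print $1 }
    '
}

# missing_in_chroot CHROOT: read ldd output on stdin and print every library
# that does not exist at the same path below CHROOT.
missing_in_chroot() {
    chroot_dir=${1%/}
    ldd_paths | sort -u | while IFS= read -r lib; do
        case $lib in
            UNRESOLVED*) printf '%s\n' "$lib" ;;
            *) [ -e "$chroot_dir$lib" ] || printf '%s\n' "$lib" ;;
        esac
    done
}

# audit_chroot CHROOT: run ldd on every executable in CHROOT/bin and report
# what still has to be copied. Scripts such as nosh yield no library lines,
# so nothing is reported for them.
audit_chroot() {
    for bin in "${1%/}"/bin/*; do
        [ -f "$bin" ] && [ -x "$bin" ] || continue
        ldd "$bin" 2>/dev/null | missing_in_chroot "$1" |
            while IFS= read -r l; do printf '%s: %s\n' "${bin##*/}" "$l"; done
    done
}
# Usage on the host, as root: audit_chroot /home/sasha
```

Empty output from audit_chroot means every binary in the chroot's bin directory can resolve its libraries inside the chroot.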

Published in administration