Fastest recipet how to build ssh tunnel for port forwarding without risks of file access beause of sftp which cannot be disabled
# vi /etc/ssh/sshd_config
Match User sasha ChrootDirectory /home/sasha AllowTCPForwarding yes X11Forwarding no
# /etc/init.d/sshd reload
# ldd /bin/bash linux-vdso.so.1 => (0x00007ffe7e902000) libtinfo.so.5 => /lib64/libtinfo.so.5 (0x00007ff32946f000) libdl.so.2 => /lib64/libdl.so.2 (0x00007ff32926b000) libc.so.6 => /lib64/libc.so.6 (0x00007ff328ed6000) /lib64/ld-linux-x86-64.so.2 (0x00007ff32969a000)
# mkdir {bin,dev,lib64} # cp /bin/{bash,echo,sleep} ./bin/ # cp /lib64/{libtinfo.so.5,libdl.so.2,libc.so.6,ld-linux-x86-64.so.2} ./lib64/ # mkdir /home/sasha/dev/pts # mount -t devpts devpts /home/sasha/dev/pts # mknod -m 660 ./dev/tty c 4 64 # base address 0x3f8
# vi ./bin/nosh
#!/bin/bash /bin/echo -e "\r\n\033[32mSSH tunnel started, shell disabled by the system administrator\r\n" while [ true ] ; do sleep 1000 done exit 0
# chmod +x ./bin/nosh
/bin/nosh shoul be user shell via vipw