[Freeipa-users] Allow IPA users to create SSH tunnel with no shell

Peter Brown rendhalver at gmail.com
Mon Dec 17 02:23:44 UTC 2012


Hi Albert,

Have you tried putting that command in the public key for the user in
freeipa and setting the user shell to /sbin/nologin or the equivalent?


On 15 December 2012 02:09, Albert Adams <biteoag at gmail.com> wrote:

> In our environment we have several systems where users require access to
> the system to set up an SSH tunnel but should not have a shell on the
> system.  Prior to rolling out IPA we accomplished this with the
> authorized_keys file as follows:
>
> command="/usr/bin/perl -e '$|=1; print \"Tunnel created, use your webbrowser to connect to the tool\n\";while(1) { print localtime(time) . \"\n\"; sleep 60}'",permitopen="localhost:8834",no-agent-forwarding,no-X11-forwarding
>
> Is there a way to accomplish this in IPA?
>
> Regards,
> Albert

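Added example, not part of the original thread and not FreeIPA code: a small audit that parses an authorized_keys option list like the one quoted above and reports what is missing for a key meant to allow port forwarding only. The function names, the finding strings and the policy (forced command, permitopen, and the no-pty / no-agent-forwarding / no-X11-forwarding flags or OpenSSH's `restrict`) are assumptions made for this illustration.

```python
import re

# Constructed sample: the option list quoted in the message above, joined onto one line.
SAMPLE = (r'''command="/usr/bin/perl -e '$|=1; print \"Tunnel created, use your '''
          r'''webbrowser to connect to the tool\n\";while(1) { print localtime(time) . '''
          r'''\"\n\"; sleep 60}'",permitopen="localhost:8834",'''
          r'''no-agent-forwarding,no-X11-forwarding''')

NAME = re.compile(r'[A-Za-z0-9-]+')

def parse_options(s):
    """Parse an authorized_keys option list into {lowercased name: [values]}."""
    opts, i = {}, 0
    while i < len(s):
        m = NAME.match(s, i)
        if not m:
            raise ValueError(f"bad option name at offset {i}")
        name, i, value = m.group().lower(), m.end(), None
        if s[i:i + 2] == '="':          # quoted value; \" is an escaped quote
            i, buf = i + 2, []
            while i < len(s) and s[i] != '"':
                step = 2 if s[i:i + 2] == '\\"' else 1
                buf.append(s[i + step - 1])
                i += step
            if i >= len(s):
                raise ValueError(f"unterminated value for {name}")
            value, i = ''.join(buf), i + 1
        opts.setdefault(name, []).append(value)
        if i < len(s):
            if s[i] != ',':
                raise ValueError(f"expected ',' at offset {i}")
            i += 1
    return opts

def audit_tunnel_only(s, allowed_targets):
    """Return findings for a key that should permit port forwarding only."""
    opts, findings = parse_options(s), []
    if 'restrict' not in opts:          # 'restrict' (OpenSSH 7.2+) implies the no-* flags
        for flag in ('no-pty', 'no-agent-forwarding', 'no-x11-forwarding'):
            if flag not in opts:
                findings.append(f"missing {flag}")
    if 'command' not in opts:
        findings.append("no forced command")
    targets = opts.get('permitopen', [])
    if not targets:
        findings.append("no permitopen restriction")
    findings += [f"unexpected permitopen {t}" for t in targets if t not in allowed_targets]
    return findings

if __name__ == "__main__":
    print(audit_tunnel_only(SAMPLE, {"localhost:8834"}))
```

Run against the quoted option list with localhost:8834 as the only allowed target, the audit reports a single finding: no-pty is not set.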