OpenSSH: tunnel-only user

From lxadm | Linux administration tips, tutorials, HOWTOs and articles
Jump to: navigation, search

To create a SSH user which is only allowed SSH tunneling, add the following to /etc/ssh/sshd_config:

Match User some-user
   #AllowTcpForwarding yes
   #PermitTunnel no
   #GatewayPorts no
   X11Forwarding no
   AllowAgentForwarding no
   PermitOpen localhost:3306
   PasswordAuthentication yes
   ForceCommand echo 'This account can only be used for mysql tunnel'