I'd like to allow a user to set up an SSH tunnel to a particular machine on a particular port (say, 5000), but I want to restrict this user as much as possible. (Authentica
I'm able to set up the authorized_keys file with the public key to log in. What I'm not sure about is the additional information I need to restrict what that account is allowed to do. For example, I know I can put commands such as:
no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding
You would want a line in your authorized_keys file that looks like this.
permitopen="host.domain.tld:443",no-pty,no-agent-forwarding,no-X11-forwarding,command="/bin/noshell.sh" ssh-rsa AAAAB3NzaC.......wCUw== zoredache
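An added example, not part of the original question or answer: a small Python audit that parses the options field of an authorized_keys entry and reports where it differs from a single-tunnel key like the one above. The allowed-target set, the placeholder key material and the `user` comment are constructed; handling of the `restrict` and `port-forwarding` options goes beyond the options shown on the page.

```python
import re

# One option: name, optionally ="value" (value may contain \" escapes).
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:[^"\\]|\\.)*)")?')
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # prefixes of OpenSSH key type names

def parse_line(line):
    """Return (options, keytype); options maps lowercased name -> list of values."""
    line, options, pos = line.strip(), {}, 0
    if not line.startswith(KEY_TYPES):          # entry begins with an options field
        while True:
            m = OPTION.match(line, pos)
            if not m:
                raise ValueError("malformed options field")
            options.setdefault(m.group(1).lower(), []).append(m.group(2))
            pos = m.end()
            if pos < len(line) and line[pos] == ",":
                pos += 1                        # another option follows
            else:
                break                           # unquoted whitespace ends the field
    rest = line[pos:].split()
    return options, (rest[0] if rest else None)

def audit(line, allowed_targets):
    """List the ways an entry is looser (or tighter) than a single-tunnel key."""
    opts, _ = parse_line(line)
    restricted = "restrict" in opts             # 'restrict' implies every no-* flag
    findings = []
    if "no-port-forwarding" in opts or (restricted and "port-forwarding" not in opts):
        findings.append("port forwarding disabled: the tunnel cannot be opened")
    elif not opts.get("permitopen"):
        findings.append("no permitopen: any destination host:port may be forwarded")
    for target in opts.get("permitopen", []):
        if target not in allowed_targets:
            findings.append(f"unexpected permitopen target: {target}")
    for flag in ("no-pty", "no-agent-forwarding", "no-x11-forwarding"):
        if flag not in opts and not restricted:
            findings.append(f"missing {flag}")
    if "command" not in opts:
        findings.append("no forced command: the key can run arbitrary commands")
    return findings

# Constructed entries: option strings from the page, placeholder key material.
ANSWER = ('permitopen="host.domain.tld:443",no-pty,no-agent-forwarding,'
          'no-X11-forwarding,command="/bin/noshell.sh" ssh-rsa AAAAPLACEHOLDER user')
QUESTION = ('no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding '
            'ssh-rsa AAAAPLACEHOLDER user')

if __name__ == "__main__":
    for name, entry in (("answer", ANSWER), ("question", QUESTION)):
        print(name, audit(entry, {"host.domain.tld:443"}) or "ok")
```

The question's option string is flagged because `no-port-forwarding` turns off the tunnel the key is meant to allow, while the answer's line passes when `host.domain.tld:443` is the only allowed target.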