Skip to main content
Unix & Linux

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

Required fields*

8
  • I will try this one out:P thx!
    – LanceBaynes
    Commented Jun 3, 2011 at 9:41
  • 3
    To add to Caleb's answer, you may also need to tell the client to not to execute a shell. With the openssh command line, this is done with the -N flag. There is a similar option in PuTTY, but I don't recall the exact name.
    – Bill B
    Commented Jun 3, 2011 at 19:28
  • 3
    Sorry, I wasn't clear - I meant in combination with the server setting. It's been my experience in the past that if you set the shell to something that's not a shell, you can't connect at all because it tries to open a shell but can't. So the security is enforced on the server side (using Caleb's method) but if you have issues connecting after that, you may need to set the client-side switch.
    – Bill B
    Commented Jun 4, 2011 at 4:44
  • 15
    You create such user with useradd sshtunnel -m -d /home/sshtunnel -s /bin/true.
    – fracz
    Commented Jun 11, 2016 at 16:48
  • 1
    I actually used the shell /usr/sbin/nologin, and this works well too (as long as I use the -N option when issuing the ssh -R command, otherwise it attempts to launch the shell which fails and returns). Any idea if it is maybe "even better" to use this shell, as then really no user login happens? :)
    – Zorglub29
    Commented Mar 6, 2022 at 20:36