Minimal shell for SSH tunnel?

[thedaver]

I want to tunnel my laptop's IMAP traffic over an SSH2 connection.

I've got it working, but I'm using Putty (Win laptop) and thusfar I'm signing into the server's user account manually.

That's fine for now, but I'm considering putting in a public key authentication. However, if the laptop gets stolen, I want to ensure that the account on the server is of no value to the thief.

Thus, I was considering creating a new account with shell="/bin/nologin" or something. However, my belief is that SSH/Putty would not be successful in connecting in either password or public key mode.

What can be done to configure the server's user account that receives the tunnel to minimize the "risk"?

Thanks,
Dave.

D.E.R. Management - IT Project Management Consulting

http://www.dermanagement.com/

 

[jouell]

man sshd


check out:

command="command"
environment="NAME=value"


They should get you started.

 

[jouell]

http://www.linuxjournal.com/article/8257

This may help too....

-John

 

[thedaver]

I've tested a couple of things...

First, using a shell such as /bin/nologin or /bin/false does not permit SSH logins. Thus no tunnel. Not useful.

I built a shell (bash script) that ran an infinite loop on "sleep 5000". I made the server user's shell that script and was able to login. However, I wasn't able to run the IMAP command(s) needed to reach the remote end of the IMAP server.

The comments from "jouell" are interesting, but my opinion is that they do not meet the need of serving up IMAP for several accounts concurrently. Will try.

D.E.R. Management - IT Project Management Consulting

http://www.dermanagement.com/