<!-- begin _includes/seo.html --><title>Creating a Useless User - Şahin Akkaya’s Personal Page</title>
<metaname="description"content="Story In my previous post, I explained how to do port forwarding to access some machine behind private network. I will use this method to fix some issues in our desktop at home or my girlfriend’s computer. Now, of course I don’t want to give them access to my server. But they also need to have a user in my server to be able to perform port forwarding via ssh. So I wanted to create a user with least privileges to make sure nothing goes wrong.">
<metaproperty="og:description"content="Story In my previous post, I explained how to do port forwarding to access some machine behind private network. I will use this method to fix some issues in our desktop at home or my girlfriend’s computer. Now, of course I don’t want to give them access to my server. But they also need to have a user in my server to be able to perform port forwarding via ssh. So I wanted to create a user with least privileges to make sure nothing goes wrong.">
<!-- insert favicons. use https://realfavicongenerator.net/ -->
<!-- end custom head snippets -->
</head>
<bodyclass="layout--single">
<navclass="skip-links">
<ul>
<li><ahref="#site-nav"class="screen-reader-shortcut">Skip to primary navigation</a></li>
<li><ahref="#main"class="screen-reader-shortcut">Skip to content</a></li>
<li><ahref="#footer"class="screen-reader-shortcut">Skip to footer</a></li>
</ul>
</nav>
<!--[if lt IE 9]>
<divclass="notice--danger align-center"style="margin: 0;">You are using an <strong>outdated</strong> browser. Please <ahref="https://browsehappy.com/">upgrade your browser</a> to improve your experience.</div>
<metaitemprop="headline"content="Creating a Useless User">
<metaitemprop="description"content="StoryIn my previous post, I explained how to do port forwarding to access some machine behind private network. I will use this method to fix some issues in our desktop at home or my girlfriend’s computer. Now, of course I don’t want to give them access to my server. But they also need to have a user in my server to be able to perform port forwarding via ssh. So I wanted to create a user with least privileges to make sure nothing goes wrong.">
<p>In my <ahref="/2022/02/26/ssh-into-machine-that-is-behind-private-network.html">previous post</a>, I explained how to do port forwarding to access some machine behind private network. I will use this method to fix some issues in our desktop at home or my girlfriend’s computer. Now, of course I don’t want to give them access to my server. But they also need to have a user in my server to be able to perform port forwarding via ssh. So I wanted to create a user with least privileges to make sure nothing goes wrong.</p>
<h2id="the-solution">The solution</h2>
<p>I searched the problem in it turned out to be very simple. You just need to add two additional flags to <codeclass="language-plaintext highlighter-rouge">adduser</code> command while creating the user.</p>
<p>Now, <codeclass="language-plaintext highlighter-rouge">uselessuser</code> can’t do anything useful in your server. If they try to login, the connection will be closed immediately.</p>
for just forwarding ports. Refer to the description
of SessionType in ssh_config(5) for details.
</code></pre></div></div>
</blockquote>
<h2id="last-words">Last words</h2>
<p>I love learning new things everyday. I knew setting the shell of a user to <codeclass="language-plaintext highlighter-rouge">/bin/false</code> will prevent them from logging in. The reason I wrote this blog post is because 2 things I wanted to share:</p>
<ul>
<li>While looking for a solution to the problem I mentioned, I searched <em>“create a user with no privileges in linux”</em> and <ahref="https://askubuntu.com/questions/1174376/how-to-create-a-user-with-the-least-privileges-permissions-but-enough-to-do-ssh">this</a> came out. It is really interesting for me that another person wanted to do the same thing for the <em>exact same reasons</em>. They were also trying port forwarding via ssh and they wanted to create a limited user in their server to give friends. So the question was a <strong>perfect fit</strong> to the problem.</li>
<li>The <codeclass="language-plaintext highlighter-rouge">-N</code> flag of the ssh command was also surprising for me. It was like as if someone had encountered these problems before and just took the exact steps required to solve this problem for me. I mean look at the documentation. Crazy!</li>
<pclass="archive__item-excerpt"itemprop="description">It’s been a while… It has been so long that I forgot how I was writing my blogs back then. My life didn’t change that much. Actually, it is getting worse.