+ + Creating a Useless User + + +
+ + + + + +Story +In my previous post, I explained how to do port forwarding to access some machine behind private network. I will use this method to fix some issues in ...
+diff --git a/2021/12/24/first-blog-post.html b/2021/12/24/first-blog-post.html index d1f7161..9ace528 100644 --- a/2021/12/24/first-blog-post.html +++ b/2021/12/24/first-blog-post.html @@ -402,6 +402,53 @@ So here I am and welcome to my first blog. Having a personal space on the Intern +
Story +In my previous post, I explained how to do port forwarding to access some machine behind private network. I will use this method to fix some issues in ...
+cat some_file | grep some_pattern - -I’m sure that you run a command something like above at least once if you are using terminal. You know how cat and grep wo...
-Story +In my previous post, I explained how to do port forwarding to access some machine behind private network. I will use this method to fix some issues in ...
+Hello, World!* So here I am and welcome to my first blog. Having a personal space on the Internet has been a dream for me for years and I am happy that it fi… -
-Story +In my previous post, I explained how to do port forwarding to access some machine behind private network. I will use this method to fix some issues in ...
+Hello, World!* So here I am and welcome to my first blog. Having a personal space on the Internet has been a dream for me for years and I am happy that it fi… -
-Story +In my previous post, I explained how to do port forwarding to access some machine behind private network. I will use this method to fix some issues in ...
+Hello, World!* So here I am and welcome to my first blog. Having a personal space on the Internet has been a dream for me for years and I am happy that it fi… -
-Story +In my previous post, I explained how to do port forwarding to access some machine behind private network. I will use this method to fix some issues in ...
+Hello, World!* So here I am and welcome to my first blog. Having a personal space on the Internet has been a dream for me for years and I am happy that it fi… -
-In my previous post, I explained how to do port forwarding to access some machine behind private network. I will use this method to fix some issues in our desktop at home or my girlfriend’s computer. Now, of course I don’t want to give them access to my server. But they also need to have a user in my server to be able to perform port forwarding via ssh. So I wanted to create a user with least privileges to make sure nothing goes wrong.
+ +I searched the problem in it turned out to be very simple. You just need to add two additional flags to adduser
command while creating the user.
sudo adduser uselessuser --shell=/bin/false --no-create-home
+
Now, uselessuser
can’t do anything useful in your server. If they try to login, the connection will be closed immediately.
❯ ssh uselessuser@remote.host
+uselessuser@remote.host\'s password:
+Could not chdir to home directory /home/uselessuser: No such file or directory
+Connection to remote.host closed.
+
But they can still do forward the remote port to their local machine.
+❯ ssh -Nf -R 7777:localhost:22 uselessuser@remote.host
+uselessuser@remote.host\'s password:
+
The -N
option is the most important one here. From the documentation:
++ ++-N Do not execute a remote command. This is useful + for just forwarding ports. Refer to the description + of SessionType in ssh_config(5) for details. +
I love learning new things everyday. I knew setting the shell of a user to /bin/false
will prevent them from logging in. The reason I wrote this blog post is because 2 things I wanted to share:
-N
flag of the ssh command was also surprising for me. It was like as if someone had encountered these problems before and just took the exact steps required to solve this problem for me. I mean look at the documentation. Crazy!Story +In my previous post, I explained how to do port forwarding to access some machine behind private network. I will use this method to fix some issues in ...
+
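Review bot: The added sentence "Now, uselessuser can't do anything useful in your server" claims more than the `sudo adduser uselessuser --shell=/bin/false --no-create-home` line enforces. The `ssh -Nf -R 7777:localhost:22` example further down in the same hunk shows the account keeps TCP forwarding, and nothing in the post limits which direction or ports it may request, so the same login could also ask for `-L` forwards to anything the server can reach. Suggest adding a server-side step that scopes the account in sshd_config, for example a `Match User uselessuser` block with `AllowTcpForwarding remote`, `PermitListen 7777`, `PermitTTY no`, `X11Forwarding no` and `AllowAgentForwarding no`, and rewording the sentence to say the user cannot get a shell. Smaller points in the same hunk: "I searched the problem in it turned out" appears to be missing an "and"; both password prompts show `\'s` with a stray backslash; and the list introduced by "2 things I wanted to share:" shows only the `-N` item in the added lines, so the first item looks to be missing.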