From: Stephen Biggs (xyzzy_at_hotpop.com)
To: SSH list <email@example.com>
Date: 24 Aug 2003 10:51:45 +0300

I have a machine behind a firewall that I connect out to another machine
using remote port forwarding. Then, on the outer machine, I tunnel back
through to the firewalled machine by accessing the listening port with
This works fine but seems more than a little insecure. I would rather
have the firewalled machine connect to the outer machine with a special
account that only allows this connection, without any other ability to
use normal SSH and log in.
I was thinking that the outer machine could define a user with
"/bin/false" as its shell. I already connect using "-T -N" which should
not need a remote shell. Would this work and would this also prevent
SCP/SFTP from running?
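
An added example, not part of the original post: one way to express the forwarding-only account in the outer machine's sshd_config, assuming a current OpenSSH server (the `Match` block and `PermitListen` did not exist in 2003). The account name `tunnel`, port 2222 and the key placeholder are assumptions.

```conf
# /etc/ssh/sshd_config on the outer machine (added example).
# "tunnel" and port 2222 are assumed values; substitute your own.
Match User tunnel
    # Allow only remote (-R) forwards; local (-L) and dynamic (-D) are refused.
    AllowTcpForwarding remote
    # The single listening port this account may bind on the outer machine.
    PermitListen localhost:2222
    # Keep the forwarded port on loopback so only local users can reach it.
    GatewayPorts no
    # No terminal, X11, agent or tun device forwarding.
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    PermitTunnel no
    # Any shell, exec or subsystem request (including scp and sftp) runs this
    # command instead and exits. A client started with -N requests no session,
    # so the forward itself stays up.
    ForceCommand /bin/false
    # Key-only login for the tunnel account.
    AuthenticationMethods publickey

# Optional second layer in ~tunnel/.ssh/authorized_keys (one line per key).
# "restrict" turns off every per-key capability, "port-forwarding" turns
# forwarding back on, and "permitlisten" pins the remote-forward port:
#
#   restrict,port-forwarding,permitlisten="localhost:2222" ssh-ed25519 <PUBLIC-KEY-PLACEHOLDER> tunnel@firewalled
```

Run `sshd -t` on the outer machine to validate the file before reloading the daemon.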