I have a person who will need access to my SSH server, but I want them to have limited access to programs. All they should be using is ssh, to log in to another server. My server is an access point to another server. I don't want this user to run programs other than the ssh program they need to get on the other network.
Ideally, when they log in, they would be redirected to another SSH login, and not have any other immediate option to do anything else.
No SSH users have root permissions.
How might I be able to set this up?
I am thinking I can do it with their bashrc files. I'll write a secondary login script that executes when they log in. Is there a way for a user to log in to an SSH server and ignore their bashrc file on login?
Is there a better way I should consider?
Best Answer
Consider using a ForceCommand directive in sshd_config. For example, I use these to force groups of users to a set of servers:
You could use:
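
As an illustration of the ForceCommand approach in the answer above (an added example, not the answerer's own configuration), the fragment below pins one account to an onward ssh hop. The account name jumpuser and the host inner.example.internal are placeholders.

```conf
# /etc/ssh/sshd_config on the gateway server (added example; names are placeholders)

# Applies only to the restricted account; other users keep the global settings.
Match User jumpuser
    # Always run this command, whatever the client asked for
    # (the request is kept in SSH_ORIGINAL_COMMAND). This also replaces
    # subsystem requests such as sftp.
    ForceCommand ssh jumpuser@inner.example.internal

    # The onward login is interactive, so a terminal is still needed.
    PermitTTY yes

    # ForceCommand only replaces the command; forwarding and tunnels are
    # separate channel types, so switch them off explicitly.
    AllowTcpForwarding no
    AllowStreamLocalForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no

    # Do not execute the user's ~/.ssh/rc before the forced command.
    PermitUserRC no
```

Run sshd -t to check the syntax before reloading the daemon. sshd starts the forced command through the account's login shell with -c, so that shell must exist and be executable.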