SSH – How to prevent an SSH connection from being closed by the server for a user with a nologin shell

ssh

Basic info:
Server OS: CentOS 6.3
Client tool: PuTTY

I SSH to my server using PuTTY.
I added an account with /sbin/nologin shell. When I log on to that account (selecting "never" close window on exit), console says "This account is currently not available" and PuTTY prompts "Connection closed by remote host".

But I expect the server should only say "account not available" without closing the connection, so that I can still tunnel through this connection.

I also noticed that for normal /bin/bash users, when typing exit, sometimes the connection is closed, and sometimes the server says "LOGOUT" but is still connected (I can still tunnel through it).

So how can I ensure that a connection is not closed for a nologin shell account?

Best Answer

An account with /usr/sbin/nologin as its shell is permitted to establish port forwarding. However, if you attempt to run a shell command, the connection is forcibly terminated. The fix is to not run a shell command. With OpenSSH (the SSH implementation on almost all non-embedded Unix/Linux systems), pass the option -N to the SSH client.

ssh -N -L 1234:somehost:5678 restricteduser@host.example.com

With PuTTY, tick “Don't start a shell or command at all” in the Connection > SSH tab.
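
The following is an added example, not part of the original answer: the same no-shell tunnel written as a persistent OpenSSH client entry, together with a server-side Match block that limits the nologin account to that one forward. The alias tunnel-only and the decision to restrict the account on the server are assumptions; the host, user and port values are the ones from the command above.

```conf
# ---- Client: ~/.ssh/config (constructed example) ----
# Equivalent of:
#   ssh -N -L 1234:somehost:5678 restricteduser@host.example.com
# "tunnel-only" is a hypothetical alias.
Host tunnel-only
    HostName host.example.com
    User restricteduser
    LocalForward 1234 somehost:5678
    # Same effect as -N: never request a shell or command, so the nologin
    # shell is never started. Needs OpenSSH 8.7 or later on the client;
    # on older clients delete this line and pass -N on the command line.
    SessionType none
    RequestTTY no
    # Exit instead of idling if the forward cannot be set up.
    ExitOnForwardFailure yes
    # Keepalives so an idle tunnel is not dropped by middleboxes.
    ServerAliveInterval 30
    ServerAliveCountMax 3

# ---- Server: /etc/ssh/sshd_config (constructed example) ----
# Put Match blocks at the end of the file; they apply until the next
# Match line or end of file.
Match User restricteduser
    AllowTcpForwarding yes
    # Only this destination may be reached through a local (-L) forward.
    # PermitOpen does not restrict remote (-R) forwards.
    PermitOpen somehost:5678
    GatewayPorts no
    X11Forwarding no
    AllowAgentForwarding no
    PermitTunnel no
    # Newer OpenSSH servers only; the release shipped with CentOS 6 will
    # reject these, so leave them commented out there:
    # AllowTcpForwarding local
    # PermitTTY no
```

Check the server file with sshd -t before reloading sshd, then open the tunnel from the client with ssh tunnel-only.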
