I have on my Debian server a user1 with
user1:x:1001:1001:,,,:/home/user1:/bin/bash
and a user2 with
user2:x:1002:1002::/home/user2:/usr/sbin/nologin

I can establish an SSH remote port forwarding connection with both of these users, but only with user1 can I establish a local port forwarding connection to this user1.

Why is this not possible with user2 and /usr/sbin/nologin? Why can /usr/sbin/nologin do a remote port forwarding connection but not a local port forwarding connection to this user2?

Local port forwarding

ssh user1 success:
ssh -L 5002:localhost:5001 -i [KEY] -p [PORT] user1@[IP]

ssh user2 fail:
ssh -L 5002:localhost:5001 -i [KEY] -p [PORT] user2@[IP]
This account is currently not available.
Connection to xxx.xxx.xxx.xxx closed.

So, I have a local server that establishes a remote port forwarding connection to an external server through a service. The user has no restrictions. I can now access the local server from my client through the external server. Now, I want to set up local port forwarding to the local server via the external server. It works with user1, but not with user2, because user2 has /usr/sbin/nologin.

How can I still establish a local port forwarding connection to this user2 with these settings, without user2 getting a shell or shell settings, staying with /usr/sbin/nologin, or is that not possible?