Topic: Allow user SSH access from Server-Manager

[NickCritten]

Hi All,

I set up some of my remote users with SSH access so that they can RemoteDesktop over SSH to a PC inside the LAN.

Is anyone aware of a Contrib / Server-Manager hack I can use to add a tickbox or similar to the User part of Server-manager that will change the users shell to /bin/bash  ?

I'm perfectly capable of doing it from CLI, but the panel option would be very nice

Cheers,

[NickCritten]

Also is anyone aware of a very restrictive shell I could install, that would allow tunneling but very little else?

Cheers,

[crazybob]

You can use the user remote access contrib from dungog.net to easily change the shell from server manager. As for a more restrictive shell, I do not know.

Have you considered using vpn to allow network access. That would let them connect to the network, but keep them from a CLI on the server

[NickCritten]

Thanks I'll have a look at the dungog.net contrib.

I don't use VPNs for remote users as:

A) Too Flakey
B) Too Complex

With an ssh tunnel I can set up their laptops with Tunnelier (Freeware), which establishes the SSH, and the tunnel, then launches Remote Desktop,  all from one double-click.

Nice and easy and no support headaches for me.

[CharlieBrady]

Also is anyone aware of a very restrictive shell I could install, that would allow tunneling but very little else?

Are the restrictions of the default shell rssh not sufficient?

http://www.pizzashack.org/rssh/

[NickCritten]

Also is anyone aware of a very restrictive shell I could install, that would allow tunneling but very little else?

Are the restrictions of the default shell rssh not sufficient?

http://www.pizzashack.org/rssh/

rssh doesn't allow tunneling

[CharlieBrady]

rssh doesn't allow tunneling

The shell doesn't do tunnelling - sshd does.

[NickCritten]

rssh doesn't allow tunneling

The shell doesn't do tunnelling - sshd does.

Thats only half true... sshd creates one end of the tunnel, usually putty creates the other, and when putty logs onto rssh, it gets kicked out immediately.

As it happens I have always tested the tunnels with putty, and then set them up on tunelier once I've verified they work OK...  I just tried establishing a session to a user set up with rssh straight from tunnelier and it did bring the tunnel up.

I was actually under the impression that standard users had their shell set to null, as they were in SME 6.  I hadn't known about rssh until you mentioned it.