Closed blueyed closed 8 years ago
The-Compiler
commented
8 years ago The readme already recommends creating a new user with /bin/false as the shell. What does this improve over that recommendation? (honest question, because I have no idea)
blueyed
commented
8 years ago Yes, I've noticed that, but thought that it might still be possible to run programs - which does not seem to be the case.
The command= approach seems to be necessary/useful only in case you actually want to run some program and/or the user is used not only for tunnelling.
Thanks for a nice tool, closing the issue.
For security reasons you might want to recommend using the following in
~/.ssh/authorized_keys(before the key):