2

So I'm trying to figure out how to establish a tunnel, but nothing else. I don't want the user to have shell access.

I found this ssh tunneling only access

Is this information outdated or something? Every time I try to log in through ssh where I've set the shell of the user to /usr/(s)bin/nologin, or /bin/false, bin/true, etc.,

instead of saying:

This account is currently not available. 

it says:

Permission denied, please try again. 

Password is correct. I know this with absolute certainty because I typed it out and then pasted it into the console to make sure there were no mistakes. Changing the user's shell back to nologin and trying to reconnect with the same password that worked with an actual shell still in the clipboard, it said Permission denied.

I've tried putting ForcedCommand internal-sftp in the config file, but that didn't do anything either.

I've tried using one of those scripts I found from searching to make a fakesh and set the user's shell to that, but ssh doesn't accept that either. The only way to make it work is to set the user to an actual shell. What is going on here?

2
  • Could you add the relevant sshd logs? sudo journalctl -b -t sshd Commented Apr 7, 2021 at 3:20
  • @mircea-vutcovici I figured out the answer. Thank you for taking time out of your day though. I really appreciate it! Commented Apr 7, 2021 at 3:30

1 Answer

2

I actually figured it out. It was a problem with PAM. Apparently you need to add /usr/bin/nologin to /etc/shells, otherwise it will refuse to authenticate the connection.
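
A check for the condition described in the answer, as an added example that is not part of the original post: it reads an account's login shell from a passwd file and tests whether that exact path is a line in a shells file. The function names and the sample accounts are constructed for illustration, and the assumption that the rejecting PAM step is a shells check (such as pam_shells) goes beyond what the answer states.

```shell
#!/bin/sh
# Added example: is a user's login shell listed in the shells file?
# File paths are parameters so the check can run against copies.

# shell_of USER PASSWD_FILE -> prints field 7; fails if USER is absent
shell_of() {
    awk -F: -v u="$1" '$1 == u { print $7; found = 1; exit }
                       END { if (!found) exit 1 }' "$2"
}

# shell_listed SHELL SHELLS_FILE -> 0 if SHELL is an exact, uncommented line
shell_listed() {
    grep -v '^[[:space:]]*#' "$2" | grep -qxF -- "$1"
}

# check_user USER [PASSWD_FILE] [SHELLS_FILE]
# returns 0 = listed, 1 = not listed, 2 = no such user
check_user() {
    passwd_file=${2:-/etc/passwd}
    shells_file=${3:-/etc/shells}
    sh_path=$(shell_of "$1" "$passwd_file") || { echo "$1: no such user"; return 2; }
    [ -n "$sh_path" ] || sh_path=/bin/sh    # an empty field means /bin/sh
    if shell_listed "$sh_path" "$shells_file"; then
        echo "$1: $sh_path is listed in $shells_file"
    else
        echo "$1: $sh_path is NOT listed in $shells_file"
        return 1
    fi
}

# write_sample DIR -> constructed passwd/shells files (not from a real host)
write_sample() {
    printf '%s\n' 'tunnel:x:1001:1001::/home/tunnel:/usr/bin/nologin' \
                  'admin:x:1000:1000::/home/admin:/bin/bash' > "$1/passwd"
    printf '%s\n' '# valid login shells' '/bin/sh' '/bin/bash' > "$1/shells"
}

demo() {
    d=$(mktemp -d) || return 1
    write_sample "$d"
    check_user tunnel "$d/passwd" "$d/shells" || true   # before the change
    echo /usr/bin/nologin >> "$d/shells"                # the answer's change
    check_user tunnel "$d/passwd" "$d/shells"           # after the change
    rm -rf "$d"
}
demo
```

Called with only a user name, `check_user` reads the system's own /etc/passwd and /etc/shells.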
