Ubuntu - server protection when forwarding ports via ssh

MaxNTF

7/28/24, 7:30 AM

I will make a reservation, I am mediocre in Linux systems. I have several Raspbian (Client) devices that have access to the network over LTE (IP over NAT). I have my own server under Ubuntu (server). I plan to automatically run a script on the "client" to forwarding a port via SSH, and for this I created a user without a shell on the "server" (user_123). If the "client" device is opened, you can find "user_123" and the password there. Question - is it possible, knowing this data, to damage my "server"? And what is the safer option? My main goal is to connect via SSH to my devices. This is my algoritmus:

-On server.

$ sudo useradd -s /bin/false user_123

$ sudo passwd user_123

-On device.

$ ssh -fN -R 10022:localhost:22 user_123@serverIp

-On server.

$ ssh -p 10022 device_user@localhost

1 + 0

linux

ubuntu

ssh

port-forwarding

safety

Score:0

Server

lopass

7/28/24, 8:00 AM

I think this answer on askubuntu is a good one with all information well documented: https://askubuntu.com/questions/48129/how-to-create-a-restricted-ssh-user-for-port-forwarding

Reproducing it here seems like it would not be in the spirit of the stackxxx websites

+ 1

MaxNTF

7/28/24, 9:57 AM

Thank you! It seems to be what is needed.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Ubuntu - server protection when forwarding ports via ssh

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.