For one of our applications where occassionally the client runs on an external network, we need to hop through...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
a bastion box to the application server, which lies within a SON. We are port forwarding the traffic (TCP2531) over the SSH session.
We are requiring authentication (SecurID) to SSH to the bastion box but have a script that will connect the user from the bastion box to the application server using the following command:
/usr/local/bin/ssh -l username -L
My question is this: We need the port forwarding for the application but we don't want the user to then have access to a shell. I've tried setting the shell to /dev/null to no avail. Any suggestions on how we can prevent the user from gaining access to the appserver but allow the port forwarding over SSH to work?
Thanks in advance!
tail -f to the rescue! This command is typically used to see the contents of text log files (tail -f /etc/something.log), but it can be helpful in other areas as well.
You are on the right track with /dev/null, but you need to do things a little differently. Try this command:
ssh -f -L 2531:127.0.0.1:2531 tail -f /dev/null
In this example, the tail -f /dev/null is used to keep the session open. This way, you don't have an actual shell session open and running.
Dig Deeper on Linux servers
Related Q&A from Kenneth Milberg
Need a PaaS platform with strong production support? Explore production support and SLAs of AWS Elastic Beanstalk, IBM Bluemix, Google App Engine and...continue reading
When you move to PaaS for your web-based apps, remember to think about database services. Consider the benefits of moving your database to a fully ...continue reading
Making sure that your PaaS offering and the web development framework of your choice agree can be tricky. Learn how to choose the best framework for ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.