And is there a way to get around this requirement?
I am trying to set up a service that will provide an SSH tunnel. It basically just needs to run:
ssh -NT -L 8080:localhost:80 tunnel@remote
I have created a "tunnel" user on both the local and remote systems for
this purpose. On the remote system, the tunnel user's shell is set to
/bin/true, and this doesn't cause any problems (thanks to the -N parameter).
However, I've found that SSH doesn't work if the *local* tunnel user
doesn't have a working shell. For example, if I set the local tunnel
user's shell to /sbin/nologin, the connection fails with the following message.
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: ssh_exchange_identification: This account is currently not available.
ssh_exchange_identification: Connection closed by remote host
"tunnel" is a service account, so it really shouldn't have a shell.
Why is SSH trying to run the *local* user's shell, and is there a way to change this behavior?