Hi, I have created unprivileged user for ssh tunneling (to encrypt vnc) using putty. It works fine, but even unprivileged user can read many config files and execute all kinds of stuff from the shell, which is what I'd like to restrict. Is it possible (and how?) to restrict some user to run only one command just to be able to establish ssh tunnels, but not anything else?
The one enabled command would probably be ssh, but I don't know what is executed behind the scenes when tunnel is established and putty forwards vnc connection via ssh tunnel to openwrt and then vnc server, both running in the remote network.
Thank you.
(Last edited by nozombian on 10 Feb 2018, 21:12)