SSH tunnel attempt. Unable to establish SSH connection without actual shell. (Arch Linux)
So I'm trying to figure out how to establish a tunnel, but nothing else. I don't want the user to have shell access.
I found this ssh tunneling only access
Is this information outdated or something? Everytime I try to login through ssh where I've set the shell of the user to /usr/(s)bin/nologin, or /bin/false, bin/true, etc.,
instead of saying:
This account is currently not available.
it says:
Permission denied, please try again.
Password is correct. I know this with absolute certainty because I typed it out and then pasted it into the console to make sure there were no mistakes. Changing the user's shell back to nologin and trying to reconnect with the same password that worked with an actual shell still in the clipboard it said Permission denied.
I've tried putting ForcedCommand internal-sftp in the config file, but that didn't do anything either.
I've tried using one those scripts I found from searching to make a fakesh and set the user's shell to that, but ssh doesn't accept that either. The only way to make it work is to set the user to an actual shell. What is going on here?
Solution 1:
I actually figured it out. It was a problem with PAM. Apparently you need to add /usr/bin/nologin to /etc/shells otherwise it will refuse to authenticate the connection.