I do not think that a user with limited rights can do anything, even if he does the ssh server command, because the commands are executed using the shell, and this shell does nothing.
Two main things you need to remember:
Make sure you chmod 700 .ssh
Add public key block to authorized keys –3 votes
Youll generate a key on the user’s computer through any ssh client they use. PUTTY, for example, has a utility that does just that. It will generate both aprivate and public key.
The contents of the generated public key file will be placed in the file author_keys.
You need to make sure that the ssh client is configured to use the private key that generated the public key. It is quite simple, but slightly different depending on the client used.
Posted on 04/04/2012 by Oleksii Bohomaz
Boleems a long time I did not catch a cold. I will use the opportunity and write how you can access any resource behind a NAT (firewall), even if the ports are not forwarding Until recently, I did not believe in this kind of magic as it turned out everything in our world is possible, just needed to approach the problem from the other side
but as everywhere there are disadvantages we need one white IP (client The idea is that we build a tunnel on a computer that is behind NAT (firewall), that it connects to a client with a white IP, and that one connecting to us we are interested in actually asking
1. Build a tunnel to the client with a white ip
ssh -f -N -R 2222: localhost: 22 username client_real_IP
Naturally username must exist in the system
2. On the client with white IP, enter
But that’s not all, Tunel from the world into the network: We enter on your computer:
ssh -f -N -L 4080: 192.168.0.10: 80 firstname.lastname@example.org
Similarly, we enter on our host:
w3m -dump http: localhost: 4080
and we get access to the web-resource of the node 192.168.0.10, which is located behind the host 220.127.116.11 (natit our gray mesh 192.168.0 24).
Do not forget that timeout tunnels are disabled or autossh or keepalive to help