And is there a way to get around this requirement?
I am trying to set up a service that will provide an SSH tunnel. It
basically just needs to run:

  ssh -NT -L 8080:localhost:80 tunnel@remote

I have created a "tunnel" user on both the local and remote systems for
this purpose. On the remote system, the tunnel user's shell is set to
/bin/true, and this doesn't cause any problems (thanks to the -N
However, I've found that SSH doesn't work if the *local* tunnel user
doesn't have a working shell. For example, if I set the local tunnel
user's shell to /sbin/nologin, the connection fails with the following

  debug1: Local version string SSH-2.0-OpenSSH_7.4
  debug1: ssh_exchange_identification: This account is currently not
  ssh_exchange_identification: Connection closed by remote host

"tunnel" is a service account, so it really shouldn't have a shell.
Why is SSH trying to run the *local* user's shell, and is there a way to
change this behavior?
Ian Pilcher arequ...@gmail.com
-------- "I grew up before Mark Zuckerberg invented friendship" --------