Hi all, please take a look at this initscript with readme that includes separate system UID/GID at both server and client machines and a very restricted authorized_keys entry: https://github.com/obfusk/autossh-init
IMO it eliminates at least some of the security concerns and it suits my usecase (a server behind a poorly managed firewall needs to be accessed via SSH, on init it connects an accessible server and creates an -R localhost:X:localhost:22 tunnel). It would be very convenient to have the system user/group and its private ssh key created with package installation, maybe in a separate package. In case you are willing to accept this but not to implement it, I might send a patch. Thanks for considering. Regards, Pavel -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org