We have set up a remote server at the other corner of the Net to allow
our staff log into the machine using ssh, set up a tunnel, and then
forward all their connections through the tunnel securely. We do not
want to allow login shell access to the system. So basically what we do
is to have a dummy shell for each of the logins. The dummy shell is
simply a program doing nothing other than sleep() system call for many
many seconds. That way logging in is fine but no access to the system.
Would appreciate if anyone can point out any security concerns with such
setup. I am especially concerned if there are ways to break out of the
dummy shell (in which case I assume the ssh connection will be dropped)
or anything I don't know to compromise it.
thanx
