minad brot # useradd -s /sbin/nologin -m -U brot_homeassistant_portfw
minad brot # passwd -l brot_homeassistant_portfw
passwd: Passwortablauf-Informationen geändert.
minad brot # su brot_homeassistant_portfw -s /bin/bash
brot_homeassistant_portfw@minad ~ $ echo "SSH KEY HIER EINFÜGEN" > ~/.ssh/authorized_keys
- /etc/ssh/sshd_config
(...)
Match User brot_homeassistant_portfw
AllowTcpForwarding remote
X11Forwarding no
PermitTunnel no
GatewayPorts no
AllowAgentForwarding no
ForceCommand echo 'This account can only be used for portforwarding'
(...)
root@pi-homeassistant:/home# useradd -m -s /bin/false brot_homeassistant_portfw
root@pi-homeassistant:/home# su brot_homeassistant_portfw -s /bin/bash
brot_homeassistant_portfw@pi-homeassistant:/home$ cd
brot_homeassistant_portfw@pi-homeassistant:~$ ssh-keygen -t ed25519
- /etc/systemd/system/homeassistant-ssh-portfw.service
[Unit]
Description=Portfw homeassistant to minad.de
After=network.target
[Service]
User=brot_homeassistant_portfw
ExecStart=/usr/bin/ssh -NT -o ServerAliveInterval=30 -o ExitOnForwardFailure=yes -R 47443:localhost:80 brot_homeassistant_portfw@minad.de -p 55555
# Immer restarten, aber nicht hektisch loopen
RestartSec=15
Restart=always
[Install]
WantedBy=multi-user.target