An SSH service for funneling login users through a single system user.
funneld is a fairly simple ssh server written in Python. The main use-case is for presenting a specific program to users using ssh to access a host.
funneld solves the additional problem of needing to run a web-service or other registration mechanism. The first time any username used to login, it is immediately associated with the incoming public key. Subsequent logins for the username will require the original public key. Every user logging in is forced to execute the shell of the configured "funnel user".
You can install
funneld with pip:
pip install funneld
A system user will be needed for running the desired shell program. In this case we create the user
foobar with the
htop program as the shell:
useradd -s /usr/bin/htop foobar
The service will route all logins through the shell of the specified user:
funneld --port 2200 foobar
The service will be made available on port
22 by default. Change it with the
The public keys that are bound to usernames are stored in the home directory of the funnel user:
If the funnel user is specified as
foobar was created with the shell set to
/usr/bin/htop then logging in as any user will result in running it:
useradd -s /usr/bin/htop foobar funneld --port 2200 foobar # login to execute htop # and claim the "anything" username ssh -p 2200 anything@localhost # public key saved to /home/foobar/.ssh/anything.pub