My goal: restrict jump users (into an OpenSSH jumpbox) to only SSH to another server. Users should not be able to list directories, cd, or do anything else except ssh from the jumpbox to another server.
What I have:
- Active Directory users log in to the jump server, then SSH to other servers
- OpenSSH jump server configured on Ubuntu 20.04
What I've done:
Edited /etc/ssh/sshd_config:
Match User testuser
  AllowTcpForwarding yes
  X11Forwarding no
  AllowAgentForwarding no
  ForceCommand /bin/false
When I add ForceCommand /bin/false, testuser cannot even ssh to the jump server. Without it, the user can log in to the jump server but can still list directories and cd.
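
A check for the Match block in the post, as an added example that is not part of the original post: it audits the block against an assumed forward-only jump-account policy, in which users reach targets with `ssh -J testuser@jumpbox user@target` and never get a shell on the jump server. The function names, the policy and the `10.0.0.5:22` destination are assumptions; with a ForceCommand that exits at once, only connections that open no session (such as `ssh -J`) get through.

```python
# Added example. Audits one "Match User" block of an sshd_config against an
# assumed forward-only jump-account policy. Global settings are ignored, so
# every restriction must appear inside the block itself.
POST_CONFIG = """\
Match User testuser
  AllowTcpForwarding yes
  X11Forwarding no
  AllowAgentForwarding no
"""  # the post's block in its "without ForceCommand" state

HARDENED_CONFIG = """\
Match User testuser
  AllowTcpForwarding local
  X11Forwarding no
  AllowAgentForwarding no
  PermitTTY no
  PermitOpen 10.0.0.5:22
  ForceCommand /bin/false
"""  # constructed; 10.0.0.5:22 is a placeholder target

def match_block(config, user):
    """Collect keyword -> value from 'Match User <user>' blocks (exact name only)."""
    settings, inside = {}, False
    for raw in config.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        keyword, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if keyword == "match":  # a Match block runs until the next Match line
            crit = value.split()
            inside = len(crit) == 2 and crit[0].lower() == "user" and crit[1] == user
        elif inside:
            settings.setdefault(keyword, value)  # sshd keeps the first value it obtains
    return settings

def audit_jump_user(config, user):
    """Return findings; an empty list means the block meets the assumed policy."""
    s, findings = match_block(config, user), []
    if s.get("allowtcpforwarding", "yes").lower() not in ("yes", "all", "local"):
        findings.append("AllowTcpForwarding must allow local forwarding for ssh -J")
    if "forcecommand" not in s:
        findings.append("no ForceCommand: a session request runs the login shell")
    for key, label in (("permittty", "PermitTTY"), ("x11forwarding", "X11Forwarding"),
                       ("allowagentforwarding", "AllowAgentForwarding")):
        if s.get(key, "yes").lower() != "no":
            findings.append(label + " is not set to no")
    if s.get("permitopen", "any").lower() == "any":
        findings.append("PermitOpen unset: forwarding may reach any host:port")
    return findings

if __name__ == "__main__":
    for name, cfg in (("post", POST_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_jump_user(cfg, "testuser"))
```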
