SSH user without any rights on a server
Frank
mailinglists at lavabit.com
Fri Jun 24 00:01:54 UTC 2011
Dear Ubuntu List
In order to open a reverse ssh connection between PC A and PC B, I'm
using a "server in the middle", according to this guide [Real life
example 2]
http://toic.org/2009/01/18/reverse-ssh-port-forwarding/
Everything works just fine. :-)
Now, I'm concerned about the security risks involved in running the
server with the SSH port open. The main purpose of this server is to run web
and mail services.
As a precaution, I did the following steps:
- sshd is listening on port XXXXX instead of port 22
- I added a user "reverseuser" and a group "reversegroup"
- The user "reverseuser" is not part of any other group but
"reversegroup"
- The only allowed user to login on the SSH server is "reverseuser"
- The home directory of "reverseuser" is /dev/null
- the login shell for "reverseuser" is /bin/ssh-dummy-shell, where
ssh-dummy-shell is a script containing "bash -r -c read".
The idea behind all that is to allow "reverseuser" from PC A to login to
the server only to set up the reverse ssh connection and nothing else.
The server accepts the login request, the ssh link is established. As
soon as the "reverseuser" presses any key, the connection will be lost.
And that's OK ! :-)
Apparently, "reverseuser" is not able to list files, browse folders,
rsync or scp files from the server.
In other words, "reverseuser" can do nothing on the server, except
establish a reverse ssh connection.
By the way, the password associated with "reverseuser" is very weak. The
reason for the whole thing is to be able to assist some friends on their
Ubuntu laptops.
They know that if they mess something up, they just have to call me by
phone, type «ssh -R 12345:localhost:22 reverseuser@myserver -p xxxxx» on
a terminal and wait until I fix the mess. :-)
Looks like everything is just secure... or am I missing something?
Any suggestion or opinion is very welcome!
Many thanks for any advice!
Frank (an amateur Linux admin)
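One way to pin down at the sshd level what this account may actually do, as an added example that is not from Frank's post or the linked guide: a Match block that permits only the remote forward the post describes and turns the rest off. It assumes OpenSSH 7.8 or newer (for PermitListen), that XXXXX and 12345 are the placeholder port values from the post, and that a key kept outside the /dev/null home replaces the weak password.

```text
# Added example: sshd_config fragment confining "reverseuser" to one
# reverse tunnel. Needs OpenSSH 7.8+ (PermitListen). Keep the Match block
# at the end of the file: it runs to the next Match or end of file.

# Global options (Port is not valid inside Match). XXXXX is the
# placeholder port from the post.
Port XXXXX
AllowUsers reverseuser

Match User reverseuser
    # Only -R style forwarding; no -L or -D tunnelling through the server.
    AllowTcpForwarding remote
    AllowStreamLocalForwarding no
    # The only listener the client may request: the one from
    # "ssh -R 12345:localhost:22". ssh asks for the name "localhost"
    # when no bind address is given, so this matches that request exactly.
    PermitListen localhost:12345
    GatewayPorts no
    PermitOpen none
    PermitTunnel no
    AllowAgentForwarding no
    X11Forwarding no
    # No pty; the dummy login shell still runs for a plain "ssh" session.
    PermitTTY no
    # Assumption: a key replaces the weak password. With the home directory
    # set to /dev/null the key must live outside it; the file must be owned
    # by root or reverseuser and not be group/world writable (StrictModes).
    PasswordAuthentication no
    AuthorizedKeysFile /etc/ssh/authorized_keys/%u
    # Close the tunnel if the laptop goes quiet for 15 minutes.
    ClientAliveInterval 300
    ClientAliveCountMax 3
```

After editing, `sshd -t` checks the file for errors before the daemon is reloaded.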