SSH user without any rights on a server

[Avi Greenbury]

Frank wrote:
> Unfortunately, that's not an option.
> They move between different locations so I never know their IP address.
> They have no access to routers/firewall in order to forward port 22 (and
> even If they have access to the router's settings, I doubt they know
> what to do).

I'd be inclined to give each of them an SSH key and have them log on 
that way, personally. Massively increases the security, to the point 
where you could perhaps provide *some* diagnostic tools on the 
intermediate server (they could, for example, test if whatever 
networking issue they're having locally also affects the server).

Making it easy for someone to get in because once they're in they can't 
do much is not the right way to do it for most values of 'it'.

-- 
Avi