tunneling user:
useradd -s /bin/false tunnel_u
chown -R tunnel_u:tunnel_u /home/tunnel_u/.ssh
chmod 755 /home/tunnel_u/.ssh
chmod 600 /home/tunnel_u/.ssh/authorized_keys
less /home/tunnel_u/.ssh/authorized_keys
ssh-keygen -t rsa -C "Remote user tunnel_u@agr..."
scp -P 2222 /home/epcim/.ssh/id_rsa-myorg-tunnel_u.pub root@myorg.cz:/home/tunnel_u/.ssh/authorized_keys
ssh -p 2222 -fNg -L7780:127.0.0.1:80 -i ~/.ssh/id_rsa-myorg-tunnel_u tunnel_u@myorg.cz
vi /etc/ssh/sshd_config vi /home/tunnel_u/.ssh/authorized_keys:
permitopen="127.0.0.1:9980",permitopen="127.0.0.1:9981",no-pty,no-X11-forwarding ssh-rsa AAAAB3N......