linux

How to connect to a gray ip via ssh?

It is required to forward a port to a machine from a machine with a gray ip to a machine with a white one.
Now I have a solution to this problem, using port forwarding. Those to the machine with a white ip are connected via ssh and forwarding is already configured there. In this solution, everything suits me, except for the fact that the server (which has a server ip) gets full access to the machine. Thus the question arises how to set up an ssh server so that it only allows port forwarding and nothing else. Windows is installed on a machine with a white ip, there was even an idea to spin a virtual machine with linux for these purposes, but I think this option is too redundant. Maybe there is some container for ssh? as I understand it, the problem cannot be solved simply by setting the access rights in windows, the user will still have excessive rights.
Now I'm doing this ssh [email protected]_IP -R 127.1:1022:127.1:22
but this scheme has the above-described drawback, in addition to the forwarding port itself, we get extra rights
. In the discussion, it turned out that I was asking the question badly. so in more detail
there is machine A gray ip.
There is a machine B white ip.
The task is very simple, connect from machine B to the ssh server of machine A.
Above, I wrote my solution, but in addition to the actual ability to connect via ssh, we get user rights and no matter how you cut the rights by the system, there will still be superfluous ones.
As an option, you can configure vpn, but for the task of connecting to one port, it seems to me too "fat" solution, and again, machine A gets access to the subnet of machine B. which is also superfluous.