
BLU Discuss list archive



Telnet to SSH migration



I have this old Unix system that I am migrating to Linux (RHEL4).  Most of the users connect through telnet and are dropped into a shell script that gives them a menu of application choices.  I am deprecating the use of telnet for ssh.  However, I need to limit the capabilities provided by ssh down to just that shell script via a unix passwd login, like they have now via telnet.  No port forwarding, no scp, no sftp, nothing else for the end users.  System admin users should still be able to scp, port forward, etc.

With a little bit of tinkering I have discovered that replacing the user login shell with a bash script allows me to control scp and sftp, by watching the command line arguments passed in.  Port forwarding is another matter though.  How to disable that on a per user/group basis?

Any guidance on the best way to accomplish this lockdown of ssh will be greatly appreciated.

-- 
..- -... .---   --. -...   . --. ... --..   .--- ...- --. ..-   ..- .-. -. --.-   .... -.-.   -. ..-. ..-.
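
The login-shell wrapper described in the message above, as an added example that is not part of the original post: sshd starts the login shell with no arguments for an interactive login and with `-c "<command>"` for scp, sftp and remote commands. The menu path `/usr/local/bin/appmenu` and the install name `menu-shell` are assumptions.

```bash
#!/bin/bash
# Added example: restricted login shell for menu-only users.
# MENU is a hypothetical path; point it at the real menu script.
MENU="${MENU:-/usr/local/bin/appmenu}"

# Classify the arguments sshd passed to the login shell.
# Prints "menu" for a plain interactive login, "deny:<reason>" otherwise.
classify_session() {
    if [ "$#" -eq 0 ]; then
        echo "menu"
        return 0
    fi
    if [ "$1" = "-c" ]; then
        # scp, the sftp subsystem and "ssh host cmd" all arrive as: -c "<command>"
        cmd="${2%% *}"    # first word of the requested command
        cmd="${cmd##*/}"  # strip any directory part
        case "$cmd" in
            scp)         echo "deny:scp" ;;
            sftp-server) echo "deny:sftp" ;;
            *)           echo "deny:remote-command" ;;
        esac
        return 0
    fi
    echo "deny:unexpected-arguments"
}

restricted_shell_main() {
    verdict=$(classify_session "$@")
    if [ "$verdict" = "menu" ]; then
        exec "$MENU"
    fi
    # Record the refused request so attempts show up in the auth log.
    logger -t menu-shell -p auth.notice "user=${USER:-unknown} $verdict args=$*" 2>/dev/null
    echo "This account is limited to the application menu." >&2
    exit 1
}

# Act only when invoked under the assumed install name (e.g. /usr/local/bin/menu-shell),
# so the functions can be sourced or tested without starting a session.
case "${0##*/}" in
    menu-shell) restricted_shell_main "$@" ;;
esac
```

Forwarding requests are handled inside sshd and never start the login shell, so a wrapper like this cannot see or refuse them.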






