
BLU Discuss list archive



Telnet to SSH migration



On Fri, 20 Oct 2006, Bob - BLU wrote:

> I have this old Unix system that I am migrating to Linux (RHEL4).  Most of 
> the users connect through telnet and are dropped into a shell script that 
> gives them a menu of application choices.  I am deprecating the use of telnet 
> for ssh.  However, I need to limit the capabilities provided by ssh down to 
> just that shell script via a unix passwd login, like they have now via 
> telnet.  No port forwarding, no scp, no sftp, nothing else for the end users. 
> System admin users should still be able to scp, port forward, etc.
>
> With a little bit of tinkering I have discovered that replacing the user 
> login shell with a bash script allows me to control scp and sftp, by watching 
> the command line arguments passed in.  Port forwarding is another matter 
> though.  How to disable that on a per user/group basis?
>
> Any guidance on the best way to accomplish this lockdown of ssh will be 
> greatly appreciated.

If you're able to restrict login access to ssh keys instead of password 
authentication I believe you can set the command to be executed in the 
authorized keys file.  This will effectively limit what the user can do to 
a single command.

--
Greg
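
The forced-command approach suggested in the reply, shown as an added example that is not part of the original thread: each menu user's key is pinned with `command=` and `no-port-forwarding` in `authorized_keys`, and a small audit function flags keys that are missing either option. The menu path `/usr/local/bin/menu.sh`, the user labels and the key blobs are constructed placeholders.

```sh
#!/bin/sh
# Added example: flag authorized_keys entries that are not pinned to a
# forced command or that still allow port forwarding.

# Constructed sample file; key blobs and the menu path are placeholders.
sample_keys() {
cat <<'EOF'
# menu-only users
command="/usr/local/bin/menu.sh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAAPLACEHOLDER1 clerk1
command="/usr/local/bin/menu.sh" ssh-rsa AAAAPLACEHOLDER2 clerk2
ssh-rsa AAAAPLACEHOLDER3 clerk3
EOF
}

# Reads authorized_keys lines on stdin and prints one verdict per key.
# Returns 1 if any key lacks command= or no-port-forwarding.
audit_keys() {
    # Empty out quoted option values first so that spaces or commas inside
    # command="..." cannot be mistaken for field or option separators.
    sed -e 's/\\"//g' -e 's/"[^"]*"/""/g' | awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        {
            # A line that starts with a key type carries no options field.
            opts  = ($1 ~ /^(ssh-|ecdsa-|sk-)/) ? "" : $1
            label = (opts == "") ? $3 : $4   # trailing comment names the key
            o = "," opts ","
            missing = ""
            if (o !~ /,command="",/)
                missing = missing " command="
            if (o !~ /,(no-port-forwarding|restrict),/)
                missing = missing " no-port-forwarding"
            if (missing == "") {
                print "OK   " label
            } else {
                print "WEAK " label ":" missing
                bad = 1
            }
        }
        END { exit bad + 0 }'
}

sample_keys | audit_keys || echo "at least one key is not locked down"
```

The restriction only holds while users cannot edit their own `authorized_keys` file, so the file should not be writable by the accounts it constrains.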






BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
