Telnet to SSH migration
gboyce
gboyce at badbelly.com
Fri Oct 20 22:40:16 EDT 2006
On Fri, 20 Oct 2006, Bob - BLU wrote:
> I have this old Unix system that I am migrating to Linux (RHEL4). Most of
> the users connect through telnet and are dropped into a shell script that
> gives them a menu of application choices. I am deprecating the use of telnet
> for ssh. However, I need to limit the capabilities provided by ssh down to
> just that shell script via a unix passwd login, like they have now via
> telnet. No port forwarding, no scp, no sftp, nothing else for the end users.
> System admin users should still be able to scp, port forward, etc.
>
> With a little bit of tinkering I have discovered that replacing the user
> login shell with a bash script allows me to control scp and sftp, by watching
> the command line arguments passed in. Port forwarding is another matter
> though. How to disable that on a per user/group basis?
>
> Any guidance on the best way to accomplish this lockdown of ssh will be
> greatly appreciated.
If you're able to restrict login access to ssh keys instead of password
authentication I believe you can set the command to be executed in the
authorized keys file. This will effectively limit what the user can do to
a single command.
--
Greg
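
Added example, not part of the original post: a shell check that the forced-command lockdown suggested above is actually in place, reporting every authorized_keys entry that lacks `command=` or one of OpenSSH's `no-port-forwarding`, `no-X11-forwarding` and `no-agent-forwarding` options. The menu script path, key material and user names are constructed placeholders, and protocol 2 key entries are assumed.

```shell
#!/bin/sh
# Report authorized_keys entries that are not locked to a forced command
# or that still permit forwarding. Reads the file named in $1, or stdin.
# Output: "<line number>: missing <options>"; exit status 1 if any entry fails.
audit_authorized_keys() {
    awk '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    {
        line = $0; sub(/^[ \t]+/, "", line)
        # The options field ends at the first space outside double quotes.
        # Quoted values are dropped so text inside a command value cannot
        # be mistaken for an option name.
        opts = ""; inq = 0
        for (i = 1; i <= length(line); i++) {
            c = substr(line, i, 1)
            if (inq && c == "\\") { i++; continue }  # escaped char in a value
            if (c == "\"") { inq = !inq; continue }
            if (inq) continue
            if (c == " " || c == "\t") break
            opts = opts c
        }
        # An entry that begins with the key type carries no options at all.
        if (opts ~ /^(ssh-|ecdsa-|sk-)/) opts = ""
        n = split(tolower(opts), o, ",")
        split("", seen)                              # portable array reset
        for (j = 1; j <= n; j++) seen[o[j]] = 1
        miss = ""
        if (!("command=" in seen))            miss = miss " command="
        if (!("no-port-forwarding" in seen))  miss = miss " no-port-forwarding"
        if (!("no-x11-forwarding" in seen))   miss = miss " no-X11-forwarding"
        if (!("no-agent-forwarding" in seen)) miss = miss " no-agent-forwarding"
        if (miss != "") { print NR ": missing" miss; bad = 1 }
    }
    END { exit bad + 0 }
    ' "${1:--}"
}

# Constructed sample entries (key material is a placeholder, not a real key).
sample_keys() {
    cat <<'EOF'
# menu user, fully locked down
command="/usr/local/bin/menu.sh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAAPLACEHOLDER1 user1@example
ssh-rsa AAAAPLACEHOLDER2 user2@example
command="echo \"no-port-forwarding\" here" ssh-rsa AAAAPLACEHOLDER3 user3@example
EOF
}

sample_keys | audit_authorized_keys || true
```

The check only helps if the menu users cannot edit their own authorized_keys file, since anyone who can rewrite it can remove the options.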