On Fri, 20 Oct 2006, Bob - BLU wrote:

> I have this old Unix system that I am migrating to Linux (RHEL4). Most of
> the users connect through telnet and are dropped into a shell script that
> gives them a menu of application choices. I am deprecating the use of telnet
> for ssh. However, I need to limit the capabilities provided by ssh down to
> just that shell script via a unix passwd login, like they have now via
> telnet. No port forwarding, no scp, no sftp, nothing else for the end users.
> System admin users should still be able to scp, port forward, etc.
>
> With a little bit of tinkering I have discovered that replacing the user
> login shell with a bash script allows me to control scp and sftp, by watching
> the command line arguments passed in. Port forwarding is another matter
> though. How to disable that on a per user/group basis?
>
> Any guidance on the best way to accomplish this lockdown of ssh will be
> greatly appreciated.

If you're able to restrict login access to ssh keys instead of password
authentication, I believe you can set the command to be executed in the
authorized keys file. This will effectively limit what the user can do to a
single command.

-- Greg
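The reply above refers to the `command="..."` option in `authorized_keys`, which can be combined with `no-port-forwarding` to cover the port-forwarding question as well. The script below is an added example, not part of the original thread: it audits an `authorized_keys` file for entries that lack a forced command or still permit port forwarding. The menu path `/usr/local/bin/appmenu`, the user names and the key blobs are constructed placeholders, and the `restrict` option is only understood by OpenSSH 7.2 and later.

```shell
#!/bin/sh
# Added example, not from the original thread. Key blobs, user names and
# /usr/local/bin/appmenu are constructed placeholders.
sample_keys() {
cat <<'EOF'
# menu-only user: forced command, forwarding off (pty kept for the menu)
command="/usr/local/bin/appmenu",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAAPLACEHOLDER1 alice@example
# forced command, but port forwarding is still allowed
command="/usr/local/bin/appmenu" ssh-rsa AAAAPLACEHOLDER2 bob@example
# no options: shell, scp, sftp and forwarding all available
ssh-rsa AAAAPLACEHOLDER3 carol@example
EOF
}

# Read authorized_keys lines on stdin; print one finding per weak entry.
audit_keys() {
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        # Drop quoted option values so spaces or option names inside
        # command="..." cannot confuse the checks below.
        bare=$(printf '%s\n' "$line" | sed -E 's/"(\\.|[^"\\])*"//g')
        # Option names are case-insensitive; options contain no bare spaces.
        first=$(printf '%s' "${bare%%[[:space:]]*}" | tr 'A-Z' 'a-z')
        case $first in
            ssh-*|ecdsa-*|sk-*) opts=',' ;;    # key type first: no options
            *) opts=",$first," ;;
        esac
        reason=''
        case $opts in *,command=,*) ;; *) reason='no forced command' ;; esac
        case $opts in
            *,port-forwarding,*) fwd=open ;;   # re-enabled after "restrict"
            *,no-port-forwarding,*|*,restrict,*) fwd=closed ;;
            *) fwd=open ;;
        esac
        if [ "$fwd" = open ]; then
            reason="${reason:+$reason; }port forwarding allowed"
        fi
        if [ -n "$reason" ]; then echo "line $n: $reason"; fi
    done
    return 0
}

sample_keys | audit_keys
```

To check a real account, feed the file in on stdin, for example `audit_keys < ~/.ssh/authorized_keys`. The forced command only holds if password logins are disabled for those users and they cannot rewrite their own `authorized_keys` file.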