[Bug 935] Restrict commands in sshd_config

[bugzilla-daemon at mindrot.org]

http://bugzilla.mindrot.org/show_bug.cgi?id=935

           Summary: Restrict commands in sshd_config
           Product: Portable OpenSSH
           Version: 3.8.1p1
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: sshd
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: cjensen at gmail.com


It would be nice if the sshd_config could specify a restricted set of commands
that could be executed, or even force a command like the "command=" option in
authorized_keys

The use of authorized_keys is not appropriate in our case because
1) We wish to enforce this for multiple users and creating and deploying a
private/public key pair for each remote user is time consuming and cumbersome.
It's also a step that can be potentially forgotten each time a new user is added.
2) For technical reasons, the user must type their password to login so that a
pam module may capture it.

I've asked on the security focus ssh list about this, but all the responses
pointed me to authorized_keys, so I'm guessing that means that it isn't implemented.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.