sshd executes ~/.ssh/sshrc without using user's shell

Andrew Bartlett abartlet at
Sat Mar 17 14:14:22 EST 2001

I am considering allowing (relitivly) untrusted local users onto my
fileserver, so they can use SFTP to access their home directories.

I have a custom shell, (a taint-mode enabled perl script) that allows
users to change their password, which I have modifed to only allow a
'-c' command for the sftp-server.  

I have also disabled TCP port forwarding.  However, some reading of the
OpenSSH code suggests that, while most commands sshd excutes use the
users login shell, the popen call for .ssh/sshrc does not.  
(session.c:1342 and there-abouts).  

Is this an issue?  Or do I have bigger things to worry about?

Andrew Bartlett
Andrew Bartlett
abartlet at

More information about the openssh-unix-dev mailing list