ssh-dummy-shell

Pekka Savola pekkas at netcore.fi
Sat Nov 24 06:37:17 EST 2001


On Fri, 23 Nov 2001, Markus Friedl wrote:
> well, do we really need this?
> 
> i think you just could use sftp-server as a loginshell and have the
> same effect.
> 
> are there any problems if we set the loginshell to sftp-server? for
> interactive logins nothing happens, and it even works with sftp over
> both protocol version 1 and 2.
> 
> are there any risks?
> 
> all ssh-dummy-shell is restrict the possible commands to sftp-server
> and prints an error message if the shell is used without the sftp
> client. so it's a little bit more user friendly.

Without a possibility for forced chroot, a shell is interesting but IMO
not all that useful.  If you don't trust the users with a shell, you 
probably don't want them poking around your system.  I wouldn't.

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords




More information about the openssh-unix-dev mailing list