ssh-dummy-shell
Pekka Savola
pekkas at netcore.fi
Sat Nov 24 06:37:17 EST 2001
On Fri, 23 Nov 2001, Markus Friedl wrote:
> well, do we really need this?
>
> i think you just could use sftp-server as a loginshell and have the
> same effect.
>
> are there any problems if we set the loginshell to sftp-server? for
> interactive logins nothing happens, and it even works with sftp over
> both protocol version 1 and 2.
>
> are there any risks?
>
> all ssh-dummy-shell is restrict the possible commands to sftp-server
> and prints an error message if the shell is used without the sftp
> client. so it's a little bit more user friendly.
Without a possibility for forced chroot, a shell is interesting but IMO
not all that useful. If you don't trust the users with a shell, you
probably don't want them poking around your system. I wouldn't.
--
Pekka Savola "Tell me of difficulties surmounted,
Netcore Oy not those you stumble over and fall"
Systems. Networks. Security. -- Robert Jordan: A Crown of Swords
More information about the openssh-unix-dev
mailing list