patch - forceshell

Damien Miller djm at
Fri Oct 5 18:12:56 EST 2001

On Thu, 4 Oct 2001, Don Mahurin wrote:

> > > This patch allows you to have some chrooted shell (actually any shell)
> > > associated with a specific key.
> > > You could do this with command=, but then the command given to ssh will
> > > be ignored, and scp will not work.
> >
> > You can get around this by using the $SSH_ORIGINAL_COMMAND env var.
> This env var is really no help.
> You could do:
>    echo '$SSH_ORIGINAL_COMMAND' | ssh Host echo hi world
> But why not just do:
>    echo 'hi world' | ssh Host
> And using scp will require some wrapper script, or other magic.
> I don't want any magic.  With a shell= auth param, the client side
> users need to know nothing, and can use unmodified ssh clients.

I don't see the need for modified ssh clients and I can see why

cat > /usr/local/sbin/

chroot /whereever /bin/sh -c '$SSH_ORIGINAL_COMMAND'

cat > /home/blah/.ssh/authorized_keys
command="/usr/local/sbin/" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA6avTPMW9YhJG39KAGMxxwRpUTlRefxLJvXiEugEy66R/2YaF505iP35ERckSmnPsd5z9vbYBjVfp3XZ2Juf6phBYMUSQ/o8N3yFvsE19xoX+oECMuOlZtJRYRxbK0dxPTLCgEYnHMeqvD2Hs4d3ZI/KQgc7/q7Hjzz3Vz0AfZn8= djm at



| Damien Miller <djm at> \ ``E-mail attachments are the poor man's 
|          /   distributed filesystem'' - Dan Geer
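
Added example, not part of the message above or of OpenSSH: a forced-command wrapper of the kind sketched in the reply, serving both a plain login and a client-supplied command (which is how scp reaches the server), plus the matching authorized_keys entry. The jail path, the --serve flag, the wrapper's install path and the sample key are assumptions, and the wrapper is assumed to already hold the privilege chroot requires.

```sh
#!/bin/sh
# Added example, not code from the original post: a forced-command wrapper
# for a key restricted with command="..." in authorized_keys.
# JAIL and JAIL_SHELL are assumed values; the post elides its real paths.
JAIL=${JAIL:-/whereever}
JAIL_SHELL=${JAIL_SHELL:-/bin/sh}

# serve_request ENTRY...  runs the client's request behind ENTRY, the
# command that enters the jail (normally: chroot "$JAIL").
serve_request() {
    if [ -z "${SSH_ORIGINAL_COMMAND-}" ]; then
        # Plain "ssh Host": nothing was requested, so start the jailed shell.
        "$@" "$JAIL_SHELL"
    else
        # "ssh Host cmd" and scp (which asks the server to run "scp -t ..."):
        # hand the text to the jailed shell so pipes and quotes are parsed
        # the way sshd's own "shell -c command" would parse them. With the
        # single-quoted '$SSH_ORIGINAL_COMMAND' form the inner shell only
        # word-splits the value, so "a | b" runs a with "|" as an argument.
        "$@" "$JAIL_SHELL" -c "$SSH_ORIGINAL_COMMAND"
    fi
}

# authorized_keys_line COMMAND PUBKEY  prints the key entry. The extra
# options keep the key from forwarding ports, X11 or the agent, none of
# which pass through the forced command.
authorized_keys_line() {
    printf 'command="%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding %s\n' "$1" "$2"
}

# Enter the jail only when invoked as the forced command with --serve
# (an assumed flag), so sourcing this file has no side effects.
if [ "${1-}" = "--serve" ]; then
    serve_request chroot "$JAIL"
    exit
fi
```

The client side stays unmodified: `ssh Host`, `ssh Host cmd` and `scp file Host:` all arrive at the wrapper through SSH_ORIGINAL_COMMAND.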

More information about the openssh-unix-dev mailing list