patch - forceshell
Damien Miller
djm at mindrot.org
Fri Oct 5 18:12:56 EST 2001
On Thu, 4 Oct 2001, Don Mahurin wrote:
> > > This patch allows you can have some chrooted shell (actually any shell)
> > > associated with a specific key.
> > > You could do this with command=, but then the command given to ssh will
> > > be ignored, and scp will not work.
> >
> > You can get around this by using the $SSH_ORIGINAL_COMMAND env var.
>
> This env var is really no help.
>
> You could do:
> echo '$SSH_ORIGINAL_COMMAND' | ssh Host echo hi world
> But why not just do:
> echo 'hi world' | ssh Host
> And using scp, will require some wrapper script, or other magic.
>
> I don't want any magic. With a shell= auth param, the client side
> users need to know nothing, and can use unmodified ssh clients.
I don't see the need for modified ssh clients and I can see why
SSH_ORIGINAL_COMMAND is no help?
cat > /usr/local/sbin/dochroot.sh
#!/bin/sh
chroot /whereever /bin/sh -c '$SSH_ORIGINAL_COMMAND'
^D
cat > /home/blah/.ssh/authorized_keys
command="/usr/local/sbin/dochroot.sh" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA6avTPMW9YhJG39KAGMxxwRpUTlRefxLJvXiEugEy66R/2YaF505iP35ERckSmnPsd5z9vbYBjVfp3XZ2Juf6phBYMUSQ/o8N3yFvsE19xoX+oECMuOlZtJRYRxbK0dxPTLCgEYnHMeqvD2Hs4d3ZI/KQgc7/q7Hjzz3Vz0AfZn8= djm at mothra.mindrot.org
^D
????
-d
--
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org / distributed filesystem'' - Dan Geer
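
Added example, not part of the original message: a fuller form of the dochroot.sh wrapper shown above that also handles a session where the client sends no command (plain "ssh Host", or "echo 'hi world' | ssh Host"), in which case SSH_ORIGINAL_COMMAND is unset. CHROOT_BIN, CHROOT_DIR and the function name run_in_chroot are assumptions introduced here, and the key in the comment is a placeholder.

```shell
#!/bin/sh
# Added example (not from the original mail): /usr/local/sbin/dochroot.sh
#
# Matching authorized_keys entry; the no-* options are standard sshd key
# options that close forwarding channels which never pass through this wrapper:
#   command="/usr/local/sbin/dochroot.sh",no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <PUBLIC-KEY> user@host
#
# Assumptions: CHROOT_DIR holds a usable /bin/sh, and the wrapper already has
# the privilege chroot(8) requires. CHROOT_BIN is overridable only so the
# logic can be exercised without root.
CHROOT_DIR=${CHROOT_DIR:-/whereever}
CHROOT_BIN=${CHROOT_BIN:-chroot}

run_in_chroot() {
    if [ -z "${SSH_ORIGINAL_COMMAND:-}" ]; then
        # Client sent no command: start a shell that reads from the tty
        # or from piped stdin, as the user's login shell would have.
        "$CHROOT_BIN" "$CHROOT_DIR" /bin/sh
    else
        # Client sent a command ("ssh Host cmd", scp). Double quotes pass the
        # whole line as one argument, so the chrooted shell parses pipes,
        # quotes and redirections the same way the login shell would have.
        "$CHROOT_BIN" "$CHROOT_DIR" /bin/sh -c "$SSH_ORIGINAL_COMMAND"
    fi
}

# Run only when installed under the wrapper's own name, so the file can also
# be sourced to exercise run_in_chroot with a stub CHROOT_BIN.
case "$0" in
    */dochroot.sh) run_in_chroot ;;
esac
```

Since the forced command is fixed in authorized_keys, the client side stays an unmodified ssh or scp.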