patch - forceshell
Don Mahurin
dmahurin at berkeley.innomedia.com
Sat Oct 6 02:41:57 EST 2001
Damien Miller wrote:
> > I don't want any magic. With a shell= auth param, the client side
> > users need to know nothing, and can use unmodified ssh clients.
>
> I don't see the need for modified ssh clients and I can see why
> SSH_ORIGINAL_COMMAND is no help?
The patch was a simple server side change. Ordinary ssh clients can be used with this.
You are proposing that instead, the shell ( or wrapper ) must be modified to understand the env var.
With the submitted patch, you could forget about what is in /etc/passwd, and even do something like shell="/bin/csh.".
With your suggestion, you would need to do command=csh_ssh_command, with csh_ssh_command
being '#!/bin/sh\ncsh $SSH_ORIGINAL_COMMAND'
Even simpler, knowing how ssh works, instead of shell="/bin/csh",
you could do shell="echo $SSH_ORIGINAL_COMMAND | /bin/csh".
But this reliance on SSH_ORIGINAL_COMMAND is somewhat sloppy and could break with an ssh change.
(Imagine if ssh's problem of unquoting commands was fixed).
-don
More information about the openssh-unix-dev
mailing list