restricting non-pty cmds with passwd auth

Carson Gaspar carson at taltos.org
Thu Sep 23 16:24:09 EST 2004


--On Thursday, September 23, 2004 3:37 AM +0200 Peter Stuge 
<stuge-openssh-unix-dev at cdy.org> wrote:

> On Wed, Sep 22, 2004 at 03:10:18PM -0400, Jeremy Jackson wrote:
>> Is there a way to make openssh as restrictive at the current
>> environment?
>
> Give users keys for authentication, allow no other authentication
> method and use command= in .ssh/authorized_keys.
>
> See AUTHORIZED_KEYS FILE FORMAT in sshd(8)

In other words, no. The current openssh tree only allows command 
restrictions when using publickey auth. It wouldn't be hard to patch it to 
support command restrictions with other auth types, but it hasn't been done 
(AFAIK).

-- 
Carson




More information about the openssh-unix-dev mailing list