restricting non-pty cmds with passwd auth

Damien Miller djm at
Thu Sep 23 16:30:57 EST 2004

Jeremy Jackson wrote:
> Hi,
> I'm looking for a way to force users to use a pty and their login shell. 
>   They have a .profile that forces them to use a specific application. 
> They are currently logging in with telnetd, so this is effective.  I 
> want to move to openssh, but this would allow "ssh user at host /bin/sh" 
> and any other commands they can think of to bypass this restriction.
> Is there a way to make openssh as restrictive at the current environment?

You can make the forced command the user's shell, or use a custom
restricted shell like rssh.


More information about the openssh-unix-dev mailing list