restricting non-pty cmds with passwd auth

guyverdh at guyverdh at
Fri Sep 24 02:44:32 EST 2004

Couple of things you could try from the source side.

#1 rename the ssh binary, and replace with a shell script.
Allow it to parse parameters.

Parameters starting with a "-" minus sign are added to a variable,
then the first non "-" parameter is taken as well and added to said variable.
Then execute the renamed ssh binary with the variable contents used as 


while [ ${#} -gt 0 ]
   case ${1} in
      -*) varParams=${varParams}" ${1}" && shift 1;;
      *) varParams=$(varParams)" ${1}" && shift ${#};;

/usr/local/bin/ssh.cmd ${varParams}


Second, make an ssh alias for the user's profile, that only accepts one 

alias ssh=/usr/local/bin/ssh ${1}

More information about the openssh-unix-dev mailing list