restricting non-pty cmds with passwd auth
Jefferson Ogata
Jefferson.Ogata at noaa.gov
Thu Sep 23 06:26:40 EST 2004
Jeremy Jackson wrote:
> I'm looking for a way to force users to use a pty and their login shell.
> They have a .profile that forces them to use a specific application.
> They are currently logging in with telnetd, so this is effective. I
> want to move to openssh, but this would allow "ssh user at host /bin/sh"
> and any other commands they can think of to bypass this restriction.
>
> Is there a way to make openssh as restrictive at the current environment?
If you are using pubkey authentication you can use the cmd= option in the
user's authorized_keys file.
--
Jefferson Ogata <Jefferson.Ogata at noaa.gov>
NOAA Computer Incident Response Team (N-CIRT) <ncirt at noaa.gov>
More information about the openssh-unix-dev
mailing list