restricting non-pty cmds with passwd auth

Jefferson Ogata Jefferson.Ogata at
Thu Sep 23 06:26:40 EST 2004

Jeremy Jackson wrote:
> I'm looking for a way to force users to use a pty and their login shell. 
>  They have a .profile that forces them to use a specific application. 
> They are currently logging in with telnetd, so this is effective.  I 
> want to move to openssh, but this would allow "ssh user at host /bin/sh" 
> and any other commands they can think of to bypass this restriction.
> Is there a way to make openssh as restrictive at the current environment?

If you are using pubkey authentication you can use the cmd= option in the 
user's authorized_keys file.

Jefferson Ogata <Jefferson.Ogata at>
NOAA Computer Incident Response Team (N-CIRT) <ncirt at>

More information about the openssh-unix-dev mailing list