no-pty option.
Darren Tucker
dtucker at zip.com.au
Tue Mar 22 07:00:14 EST 2005
rz1a at nwgsm.ru wrote:
> Not sure if this is a proper list to ask and it's not strictly
> OpenSSH related.
>
> I put the "no-pty" option on a key and try to login with it. As it
> should be - the shell access is denyed.
>
> However, I get an unrestricted access if I execute a command like
> this:
> $ ssh user at server /bin/sh
>
> I get the shell that just has no prompt but works as usual.
What you have there is a regular interactive shell without a controlling
terminal.
Things requiring a controlling terminal won't work but pretty much
everything else will.
> All this badness happens to me on QNX4 and SSH.com's ssh-1.2.33.
>
> Now the question:
> How does it happen on other UNIXes?
Typically the same thing happens.
> What would you suggest - is it a port's fault or a OS's "specifics"?
If you need to prevent users running certain commands (like /bin/sh)
you'll need a restricted shell or similar.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list