List of allowed commands to run

Peter Stuge stuge-openssh-unix-dev at cdy.org
Sat May 19 08:02:17 EST 2007


On Sat, May 19, 2007 at 12:00:30AM +0200, perret.yannick wrote:
> > This problem is better solved by the shell. All commands that
> > sshd execute on behalf of the client use the shell,
> 
> Well, it may be a way.

No, read again.


> In this case we should use the ForceCommand to set the restricted
> shell, right?

No, you configure the restricted shell for the user.

sshd calls the user's shell any time it shall execute something.

The user's shell does the validation.

Needless to say (I will anyway to make sure) the user must not be
allowed to change the shell with such a configuration.


//Peter


More information about the openssh-unix-dev mailing list