ForceCommand and NFS-shared home directories

Mikhail Terekhov termim at gmail.com
Tue Mar 25 02:56:56 EST 2008 

On Mon, Mar 24, 2008 at 10:37 AM, Ben Lindstrom <mouring at eviladmin.org> wrote:
>
>
>  On Mon, 24 Mar 2008, Mikhail Terekhov wrote:
>  >
>  > Yes in cases like my this option would be very useful.
>  > Meantime do you think that writing a wrapper script for the shell on the
>  > server that bypasses everything but the predefined in "ForceCommand"
>  > command would be a reasonable workaround?
>  >
>
>  Since it is sshd and not any shell running the ~/.ssh/rc file.  No amount
>  of workarounds will resolve this.  Only change the sshd can change this
>  behavior.
>
Actually I did the following experiment. I've created a test VM with SuSE 10.3
(this is openssh-4.6p1-58.3). Then I've put the following line into /etc/passwd:

+mynisloginname::::::/etc/ssh/sh

Then I've added this line to /etc/ssh/sshd_config:

ForceCommand svnserve -t

Then in /etc/ssh/sh:

#!/bin/sh
echo "HELLO from /etc/ssh/sh: 0=$0 @=$@"

Finally I've put something into my ~/.ssh/rc file. Then when I connect
to this VM machine I get:

~> ssh the.ip.of.vm ls
HELLO from /etc/ssh/sh: 0=/etc/ssh/sh @=-c /bin/sh .ssh/rc
HELLO from /etc/ssh/sh: 0=/etc/ssh/sh @=-c svnserve -t

This example shows that it is possible to create a wrapper around user
shell that will
trick the sshd and skip everything but our desired command. Does this
sound like a
reasonable workaround?

>  Taking a glance (because I don't have time to look at it fully right now)
>  the changes are ...
>
>  1. add: int is_forcedcommand; to session.h
>  2. modify line 1206 (or so) to read:
>
>  -        /* ignore _PATH_SSH_USER_RC for subsystems */
>  +        /* ignore _PATH_SSH_USER_RC for subsystems and forced commands */
>  -        if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
>  +        if (!s->is_subsystem && !s->forcedcommand &&
>  +            (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
>                  snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
>                      shell, _PATH_BSHELL, _PATH_SSH_USER_RC);
>  4. Maybe initialize s->is_forcedcommand = 0;  (maybe, because we may do a
>         bzero() or other such magic to clear memory for this struct)
>  3. Find the right place to set s->is_forcedcommand = 1; (Since I've been
>         out of the code for too many years.  I can't state the right
>         place at this moment.  I assume still somewhere in sessions.c)
>
>From this description it looks like for the core OpenSSH developer it
would be an easy task
to implement this change. Nevertheless I'm ready to dig into the
sources and try to realize
your plan if people think it worth it.

Mikhail

More information about the openssh-unix-dev mailing list