ForceCommand and ~/.ssh/rc
Damien Miller
djm at mindrot.org
Tue Mar 25 08:57:39 EST 2008
On Thu, 20 Mar 2008, Mikhail Terekhov wrote:
> Hi,
>
> As I understand the "ForceCommand" in the sshd_confing file is meant to
> ignore any command supplied by the client, but if user's home is shared by
> server and client machines over network (ex. NFS) then user can still put
> something else into ~/.ssh/rc file and overcome this limitation. Is it
> possible to disable execution of the ~/.ssh/rc file in such a case?
Could you please try this?
Index: session.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/session.c,v
retrieving revision 1.230
diff -u -p -r1.230 session.c
--- session.c 22 Feb 2008 05:58:56 -0000 1.230
+++ session.c 24 Mar 2008 21:52:49 -0000
@@ -1217,7 +1217,7 @@ do_child(Session *s, const char *command
closefrom(STDERR_FILENO + 1);
- if (!options.use_login)
+ if (!options.use_login && options.adm_forced_command == NULL)
do_rc_files(s, shell);
/* restore SIGPIPE for child */
More information about the openssh-unix-dev
mailing list