Feature request
Jan de Haan
jdehaan at zwartkasteel.nl
Wed May 28 15:09:45 EST 2008
Hi Doug,
see man sshd(8), authorized_keys format: how about a command="/bin/rbash"
?
Does that work?
Sincerely,
Jan
On 5/28/08, Doug Poulin <dougp at prostyle.com> wrote:
>
> The sshd server has what I think is a serious flaw. There appears to be no
> way to turn off remote command execution. (someone please correct me if I
> am wrong).
>
> We have a server which uses a chroot jail, and rbash to severely limit what
> users can do on our system. The remote command bypasses all of that.
>
> ie. ssh user at host cat /etc/passwd will display the password file for the
> live system and not the chrooted jail.
>
> I've checked the man pages and so far I haven't seen anything that will
> allow me to override this functionality. We may be able to use the
> public/private key with the command override feature, but I'd rather the
> problem was addressed properly.
>
> Comments?
> Doug
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
More information about the openssh-unix-dev
mailing list