Feature request

Jan de Haan jdehaan at zwartkasteel.nl
Wed May 28 15:09:45 EST 2008


Hi Doug,

   see man sshd(8), authorized_keys format: how about a command="/bin/rbash"
?
Does that work?

Sincerely,

Jan


On 5/28/08, Doug Poulin <dougp at prostyle.com> wrote:
>
> The sshd server has what I think is a serious flaw.  There appears to be no
> way to turn off remote command execution.  (someone please correct me if I
> am wrong).
>
> We have a server which uses a chroot jail, and rbash to severely limit what
> users can do on our system.  The remote command bypasses all of that.
>
> ie.  ssh user at host cat /etc/passwd  will display the password file for the
> live system and not the chrooted jail.
>
> I've checked the man pages and so far I haven't seen anything that will
> allow me to override this functionality.  We may be able to use the
> public/private key with the command override feature, but I'd rather the
> problem was addressed properly.
>
> Comments?
> Doug
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>


More information about the openssh-unix-dev mailing list