Disabling $HOME/.ssh/rc
Scott Neugroschl
scott_n at xypro.com
Fri Oct 23 05:25:07 EST 2009
> Sorry if this is a silly question, but I couldn't see how to stop
> this.
>
> I'm concerned with the use of ~/.ssh/rc and similar files. The
> problem is that if $HOME is on an NFS server then this essentially
> means user accounts can be compromised due to ssh activity, or a
> locked down account (command= restrictions) may be able to exceed its
> expected access rights.
>
> We already put authorized_keys into /etc (painful; means every host
> needs touching) and would like to be able to prevent other types of
> non-approved execution.
>
Guess what? You get to edit and distribute authorized_keys again. If
you look at the man for sshd, in the authorized_keys section, you see
that you can add no-user-rc as a comment on any particular key.
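
An added example, not part of the original post or of OpenSSH: a small audit that reports which lines of an authorized_keys file would still allow ~/.ssh/rc to run, so the files can be checked before and after redistribution. The function names and the sample file are assumptions made for illustration; besides no-user-rc it also honours the restrict and user-rc options found in later OpenSSH releases.

```python
import re

# A first field that starts like a key type means the line has no options.
KEYTYPE = re.compile(r"^(ssh-|ecdsa-sha2-|sk-)")

def split_options(line):
    """Return the options of one authorized_keys line as a list.
    Commas and spaces inside double quotes (command="...") do not split."""
    opts, cur, quoted, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and ch == "\\" and line[i + 1:i + 2] == '"':
            cur += '\\"'            # escaped quote inside a quoted value
            i += 2
            continue
        if ch == '"':
            quoted = not quoted
        elif not quoted and ch in " \t":
            break                   # end of the options field
        elif not quoted and ch == ",":
            opts.append(cur)
            cur, i = "", i + 1
            continue
        cur += ch
        i += 1
    opts.append(cur)
    return [] if len(opts) == 1 and KEYTYPE.match(opts[0]) else opts

def rc_blocked(line):
    """True if the key's options stop sshd from running ~/.ssh/rc."""
    blocked = False
    for name in (o.lower() for o in split_options(line)):
        if name in ("no-user-rc", "restrict"):
            blocked = True
        elif name == "user-rc":     # explicitly re-enabled; last option wins
            blocked = False
    return blocked

def audit(text):
    """Return 1-based line numbers of keys that still permit ~/.ssh/rc."""
    return [n for n, raw in enumerate(text.splitlines(), 1)
            if raw.strip() and not raw.lstrip().startswith("#")
            and not rc_blocked(raw.strip())]

# Constructed sample; key material replaced by placeholders.
SAMPLE = """# constructed sample file
ssh-ed25519 AAAAC3Nza...KEY1 alice@example
no-user-rc,command="/usr/bin/rsync --server" ssh-rsa AAAAB3Nza...KEY2 backup
command="echo a, b",no-pty ssh-rsa AAAAB3Nza...KEY3 report
restrict,pty ssh-ed25519 AAAAC3Nza...KEY4 carol
restrict,user-rc ssh-ed25519 AAAAC3Nza...KEY5 dave
"""

if __name__ == "__main__":
    print("lines still allowing ~/.ssh/rc:", audit(SAMPLE))
```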