Disabling remote commands, provide shell only
Wout Mertens
wmertens at cisco.com
Sat Aug 21 00:09:31 EST 2010
Hi all,
If you specify this perl script as a ForceCommand, users will not be able to run commands (or scp) remotely, only login.
Probably no-one will have a use for this but I thought I'd share because it shows how to run a shell as a login shell from a ForceCommand.
Wout.
#!/usr/bin/perl
use strict;
# Give the user a shell if that was their intention
if (exists $ENV{SSH_TTY} && not exists $ENV{SSH_ORIGINAL_COMMAND}) {
# Find out what their shell is
my @pw = getpwuid($<);
my $shell = $pw[8] || '/bin/sh';
# Run it as a login shell
exec { $shell } '-sh' ;
} else {
print STDERR "Remote commands disabled, please login instead.\n";
}
More information about the openssh-unix-dev
mailing list