OpenSSH NoPty patch

Iain Morgan imorgan at nas.nasa.gov
Sat Feb 2 08:46:44 EST 2013


On Thu, Jan 31, 2013 at 13:12:11 -0600, Teran McKinney wrote:
> Hey everyone,
> 
> I wanted to add support for denying PTY allocation through OpenSSH. I'm
> not certain if this is quite thorough enough for all cases, but for me
> it might work for the moment.
> 
> I know that you can currently do this through authorized_keys, but as
> far as I know that only works for an actual key. In my use case, I
> wanted a user with no password which is forced to run a specific
> command, and without a PTY. I didn't see any other good options for
> this, so I wrote my own based off of the X11Forwarding directive.
> 

Without commenting on the details of the code, I would like to suggest
using a different keyword than "NoPty." Although NoPty is consistent
with the no-pty authorized_keys keyword, it goes against the grain of
other sshd_config options. Also, the double-negative of "NoPty yes" is
somewhat annoying.

Instead, you might want to consider "PermitTTY" which would be
consistent with existing sshd_config options (PermitOpen, PermitUserEnv,
etc.) and would also be consistent with the ssh_config RequestTTY
option.

-- 
Iain Morgan
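The use case in this thread (a forced command with no PTY) can be checked in an existing configuration. The following is an added example, not code from the thread or from OpenSSH: it flags sshd_config sections that set ForceCommand without an effective "PermitTTY no", using the keyword proposed above, which later OpenSSH releases accept in sshd_config. It assumes a single Match block applies per connection and does not follow Include files; the sample configuration is constructed.

```python
import re

# Constructed sample sshd_config, not taken from the thread.
SAMPLE = """\
# global section
PermitTTY yes

Match User backup
    ForceCommand /usr/local/bin/backup-receive
    PermitTTY no

Match User report
    ForceCommand /usr/local/bin/report
"""

# Keyword and value are separated by whitespace or by an optional "=".
LINE = re.compile(r"^(\S+?)(?:\s*=\s*|\s+)(.*)$")

def parse_blocks(text):
    """Split config text into (match_criteria, {keyword: value}) blocks.
    The first block, with criteria None, is the global section."""
    blocks = [(None, {})]
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE.match(line)
        if not m or line.startswith("#"):
            continue  # blank line, comment, or keyword without a value
        keyword, value = m.group(1).lower(), m.group(2).strip()
        if keyword == "match":
            blocks.append((value, {}))
        else:
            # sshd uses the first value it obtains for a keyword.
            blocks[-1][1].setdefault(keyword, value)
    return blocks

def forced_commands_with_tty(text):
    """Return the Match criteria of every section that forces a command
    but still allows TTY allocation (PermitTTY defaults to yes)."""
    blocks = parse_blocks(text)
    global_tty = blocks[0][1].get("permittty", "yes")
    findings = []
    for criteria, opts in blocks:
        if "forcecommand" not in opts:
            continue
        if opts.get("permittty", global_tty).lower() != "no":
            findings.append(criteria or "(global)")
    return findings

if __name__ == "__main__":
    print(forced_commands_with_tty(SAMPLE))
```

On a live host, `sshd -T -C user=NAME` prints the effective settings for one user and is the authoritative check; the script above only reads the file text.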


More information about the openssh-unix-dev mailing list