openssh interface

Nico Kadel-Garcia nkadel at gmail.com
Fri May 24 18:13:24 AEST 2019


On Thu, May 23, 2019 at 10:07 AM Gorka Lendrino Vela
<gjlendrino.box at gmail.com> wrote:
>
> Shutdown a database is only an example.
> My question is if there is any interface provided by the openssh server to
> add new functionality or call a dynamic library that implements this
> functionality?

Intercepting the shell commands being passed to the remote server is
pretty nasty. It's like putting a chip in a keyboard that detects
certain words being typed and does something else. It's potentially
quite nefarious, intercepting a normal SSH initiated shell and passing
distinct commands. SSH *should not* be pulling stunts like that, it's
begging for abuse and for errors.

The "ForceCommand" can be used for ssh keys, or for particular SSH
commands, to do defined actions. And there are tools like the old
"rssh" shell that provided restricted shells for particular users,
shells that had only particular commands available. Would either of
those serve?


More information about the openssh-unix-dev mailing list