HowTo Disable execution of commands whit ssh and scp/sftp

[Alexander Dalloz]

Am Do, den 11.03.2004 schrieb Dario Lesca um 18:44:
> Hi, someone know howto disable the execution of any command via ssh and
> disable the scp/sftp service?
> 
> OK; ssh user at host 
> NO: ssh user at host cat /etc/passwd
> NO: scp user at host:/etc/passwd /tmp
> NO: sftp user at host
> 
> Many thanks!

The keyword is "chroot" or "jail". It means to ban a user into his home
and limit commands to those inside the chroot.

This sounds simple but it is not. There are a few howtos available (do a
google search), but they can let experienced users escape from chroot.
For a real solution it needs the use of kernel patches and ACLs like
grsecurity or - which comes with FC2 - SELinux.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 1 (Yarrow) on Athlon CPU kernel 2.4.22-1.2174.nptl
Sirendipity 18:54:33 up 2 days, 19:14, load average: 1.13, 1.17, 1.15 
                   [ Γνωθι σ'αυτον - gnothi seauton ]
             my life is a planetarium - and you are the stars